View | Details | Raw Unified | Return to bug 44382
Collapse All | Expand All

(-)C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/org/apache/tomcat/util/http/ServerCookie.java (-1 / +14 lines)
Lines 52-57 Link Here
52
    private int version = 0;
52
    private int version = 0;
53
53
54
    /**
54
    /**
55
     * Default to backwards compatible cookie behavior without HttpOnly
56
     */
57
     
58
    public static final boolean HTTP_ONLY_SESSION_COOKIE =
59
       Boolean.valueOf(System.getProperty("org.apache.catalina.HTTP_ONLY_SESSION_COOKIE", "false")).booleanValue(); 
60
     
61
    /**
55
     * If set to true, we parse cookies according to the servlet spec,
62
     * If set to true, we parse cookies according to the servlet spec,
56
     */
63
     */
57
    public static final boolean STRICT_SERVLET_COMPLIANCE =
64
    public static final boolean STRICT_SERVLET_COMPLIANCE =
Lines 247-253 Link Here
247
                                          String domain,
254
                                          String domain,
248
                                          String comment,
255
                                          String comment,
249
                                          int maxAge,
256
                                          int maxAge,
250
                                          boolean isSecure )
257
                                          boolean isSecure,
258
                                          boolean httpOnly)
251
    {
259
    {
252
        StringBuffer buf = new StringBuffer();
260
        StringBuffer buf = new StringBuffer();
253
        // Servlet implementation checks name
261
        // Servlet implementation checks name
Lines 307-312 Link Here
307
          buf.append ("; Secure");
315
          buf.append ("; Secure");
308
        }
316
        }
309
        
317
        
318
        // HttpOnly
319
        if (HTTP_ONLY_SESSION_COOKIE && httpOnly) {
320
          buf.append ("; HttpOnly");
321
        }
322
        
310
        headerBuf.append(buf);
323
        headerBuf.append(buf);
311
    }
324
    }
312
325

Return to bug 44382