Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only)

baiheqiang / memcached-session-manager

Automatically exported from code.google.com/p/memcached-session-manager

0 stars 0 forks source link

Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only) #54

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

If session cookies are set it should be possible to add the http-only 
flag.

Original issue reported on code.google.com by mdie...@gmail.com on 25 Mar 2010 at 10:14

GoogleCodeExporter commented 8 years ago

The context element provides the useHttpOnly flag since 6.0.19, this is getting 
used 
(by tomcat) when tomcat creates and sets the session cookie.

For msm this is relevant for memcached failover, when msm rewrites the session 
cookie.

Original comment by martin.grotzke on 25 Mar 2010 at 3:08

Changed title: Support session cookie 'HttpOnly' flag when session id is rewritten due to memcached failover
Changed state: Accepted
Added labels: Type-Enhancement
Removed labels: Type-Defect

GoogleCodeExporter commented 8 years ago

Implemented, still supporting tomcat versions < 6.0.19, so that only for tomcat 
versions supporting useHttpOnly this is used when the session id is changed.

Original comment by martin.grotzke on 26 Mar 2010 at 12:36

Changed title: Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only)
Changed state: Fixed
Added labels: Milestone-1.3.0

GoogleCodeExporter commented 8 years ago

Original comment by martin.grotzke on 5 Apr 2010 at 10:15

Added labels: Milestone-1.3
Removed labels: Milestone-1.3.0