bossadvisors / memcached-session-manager

Automatically exported from code.google.com/p/memcached-session-manager
0 stars 0 forks source link

Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only) #54

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
If session cookies are set it should be possible to add the http-only 
flag. 

Original issue reported on code.google.com by mdie...@gmail.com on 25 Mar 2010 at 10:14

GoogleCodeExporter commented 9 years ago
The context element provides the useHttpOnly flag since 6.0.19, this is getting 
used 
(by tomcat) when tomcat creates and sets the session cookie.

For msm this is relevant for memcached failover, when msm rewrites the session 
cookie.

Original comment by martin.grotzke on 25 Mar 2010 at 3:08

GoogleCodeExporter commented 9 years ago
Implemented, still supporting tomcat versions < 6.0.19, so that only for tomcat 
versions supporting useHttpOnly this is used when the session id is changed.

Original comment by martin.grotzke on 26 Mar 2010 at 12:36

GoogleCodeExporter commented 9 years ago

Original comment by martin.grotzke on 5 Apr 2010 at 10:15