This does change the internal representation of the HttpOnly and Secure attributes but I think it is a change worth making as it provides us with a more generic solution for any similar attributes rather than relying on special handling within the container.
I want to allow time for feedback before merging since there is a behaviour change. But we are also short of time as we need to get the release out this month. I'll leave this as long as I can which probably means ~1 week as I have a bunch of TCK failures I need to work through (most likely configuration issues on my part rather than TCK bugs) and there are the updates / additions to the TCK tests for this release.
This does change the internal representation of the
HttpOnly
andSecure
attributes but I think it is a change worth making as it provides us with a more generic solution for any similar attributes rather than relying on special handling within the container.I want to allow time for feedback before merging since there is a behaviour change. But we are also short of time as we need to get the release out this month. I'll leave this as long as I can which probably means ~1 week as I have a bunch of TCK failures I need to work through (most likely configuration issues on my part rather than TCK bugs) and there are the updates / additions to the TCK tests for this release.