Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only)

magro / testrepo

foo

0 stars 0 forks source link

Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only) #54

Closed magro closed 9 years ago

magro commented 9 years ago

From mdie...@gmail.com on March 25, 2010 11:14:04

If session cookies are set it should be possible to add the http-only flag.

Original issue: http://code.google.com/p/memcached-session-manager/issues/detail?id=54

magro commented 9 years ago

From martin.grotzke on March 25, 2010 08:08:38

The context element provides the useHttpOnly flag since 6.0.19, this is getting used (by tomcat) when tomcat creates and sets the session cookie.

For msm this is relevant for memcached failover, when msm rewrites the session cookie.

Summary: Support session cookie 'HttpOnly' flag when session id is rewritten due to memcached failover
Status: Accepted
Labels: -Type-Defect Type-Enhancement

magro commented 9 years ago

From martin.grotzke on March 25, 2010 17:36:07

Implemented, still supporting tomcat versions < 6.0.19, so that only for tomcat versions supporting useHttpOnly this is used when the session id is changed.

Summary: Support session cookie 'HttpOnly' flag when changing session id due to memcached failover (for tomcat >= 6.0.19 only)
Status: Fixed
Labels: Milestone-1.3.0

magro commented 9 years ago

From martin.grotzke on April 05, 2010 15:15:33

(No comment was entered for this change.)

Labels: -Milestone-1.3.0 Milestone-1.3