> On May 14, 2015, 4:06 p.m., Jonathan Hurley wrote: > > ambari-project/pom.xml, line 237 > > <https://reviews.apache.org/r/34212/diff/1/?file=959251#file959251line237> > > > > Any reason we didn't go right to 9?
Thanks for reviewing! I thought about it but decided that making a smaller jump would involve fewer changes and be less risky. - Tom ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/34212/#review83781 ----------------------------------------------------------- On May 14, 2015, 1:22 p.m., Tom Beerbower wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/34212/ > ----------------------------------------------------------- > > (Updated May 14, 2015, 1:22 p.m.) > > > Review request for Ambari, Jonathan Hurley and Nate Cole. > > > Bugs: AMBARI-11129 > https://issues.apache.org/jira/browse/AMBARI-11129 > > > Repository: ambari > > > Description > ------- > > Ambari should set the following flags for session cookies. > > 1) https://www.owasp.org/index.php/HttpOnly > 2) https://www.owasp.org/index.php/SecureFlag > > SecureFlag only needs to be set when people configure for Ambari HTTPS. > > > Requires changing to servlet 3.0 and Jetty 8. > > > Diffs > ----- > > ambari-project/pom.xml 378a998 > ambari-server/pom.xml 8efd1ec > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java > 4207007 > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java > 77f6d2c > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java > 721d95b > > ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java > 432e41a > > ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java > afad6ce > > ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java > 484f398 > > ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java > 058baa1 > > Diff: https://reviews.apache.org/r/34212/diff/ > > > Testing > ------- > > Manual tested. > > Added new unit tests. > > mvn clean test > > > Thanks, > > Tom Beerbower > >
