https://bz.apache.org/bugzilla/show_bug.cgi?id=69815

--- Comment #2 from Réda Housni Alaoui <[email protected]> ---
Hello Mark,

> The protocol assumes that sessions are never scoped more narrowly than per 
> origin.

I don't know what makes you think that. The scope session rule "path"
attribute (https://w3c.github.io/webappsec-dbsc/#json-session-scope-rule)
allows specifying the origin's paths protected by the session.

In fact, we implemented the protocol on an application that is not limited to
the root context. To do that, we provide a JSON session scope rule
having a path matching the Tomcat context path.
