This is an automated email from the ASF dual-hosted git repository.

rmaucher pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 5bd25cecc0 Fix SSO cookie partitioned configuration
5bd25cecc0 is described below

commit 5bd25cecc0ca0d06ba9fec2b18aaf9d21793b828
Author: remm <[email protected]>
AuthorDate: Tue Jun 2 11:51:13 2026 +0200

    Fix SSO cookie partitioned configuration
---
 java/org/apache/catalina/authenticator/AuthenticatorBase.java | 5 +++--
 java/org/apache/catalina/authenticator/SingleSignOn.java      | 5 +++--
 webapps/docs/changelog.xml                                    | 3 +++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index b1bdf5ae67..26341e4a9d 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -1193,8 +1193,9 @@ public abstract class AuthenticatorBase extends ValveBase 
implements Authenticat
             }
 
             // Configure Partitioned on SSO cookie using same rules as session 
cookies
-            cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR,
-                    
Boolean.toString(request.getContext().getUsePartitioned()));
+            if (request.getContext().getUsePartitioned()) {
+                cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR, "");
+            }
 
             response.addCookie(cookie);
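Review bot: Nothing in this hunk ties the new `Partitioned` flag to the cookie also being `Secure`; browsers that implement partitioned cookies reject a `Partitioned` cookie that lacks `Secure`, so with `getUsePartitioned()` enabled on a plain-HTTP request the SSO cookie may be dropped and single sign-on would quietly stop working. Where `Secure` is decided lies outside the hunk (the enclosing method starts and ends beyond it), so this needs confirming there; the same applies to the matching hunk in SingleSignOn.java. At minimum I would extend the comment above the `if` to `// Partitioned is a valueless flag (hence ""); browsers only honour it on Secure cookies`. The commit also touches no test file; a regression test asserting that the SSO `Set-Cookie` header carries no `Partitioned` attribute when `getUsePartitioned()` is false would pin the fix for both classes.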
 
diff --git a/java/org/apache/catalina/authenticator/SingleSignOn.java 
b/java/org/apache/catalina/authenticator/SingleSignOn.java
index c24831548a..7fec99dae7 100644
--- a/java/org/apache/catalina/authenticator/SingleSignOn.java
+++ b/java/org/apache/catalina/authenticator/SingleSignOn.java
@@ -313,8 +313,9 @@ public class SingleSignOn extends ValveBase {
                     request.getContext().getUseHttpOnly()) {
                 cookie.setHttpOnly(true);
             }
-            cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR,
-                    
Boolean.toString(request.getContext().getUsePartitioned()));
+            if (request.getContext().getUsePartitioned()) {
+                cookie.setAttribute(Constants.COOKIE_PARTITIONED_ATTR, "");
+            }
 
             response.addCookie(cookie);
         }
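Review bot: This copy of the block carries no comment, whereas the AuthenticatorBase hunk at least says the flag follows the session-cookie rules, so a reader here cannot tell why the value passed is `""`. I would add `// Partitioned is a flag attribute: add it with an empty value only when enabled, never as "false"` above the `if`. Because the earlier defect lived in both copies, one shared helper that applies the SSO cookie attributes would keep the two classes from drifting apart again. The enclosing method starts before the hunk.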
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c4996231e2..3ce55a7ccc 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -327,6 +327,9 @@
         When encoding URLs with the <code>CsrfPreventionFilter</code>, don't 
add
         the nonce to URLs that are known not to require it. (markt)
       </fix>
+      <fix>
+        Fix SSO cookie partitioned configuration. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">

