Author: markt Date: Sat Jan 30 19:30:07 2010 New Revision: 904855 URL: http://svn.apache.org/viewvc?rev=904855&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554 httpOnly flag not applied to migrated session cookie
Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/JvmRouteBinderValve.java tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/LocalStrings.properties tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=904855&r1=904854&r2=904855&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Sat Jan 30 19:30:07 2010 @@ -102,12 +102,6 @@ +1: markt, rjung -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47554 - httpOnly flag not applied to migrated session cookie - http://svn.apache.org/viewvc?rev=891304&view=rev - +1: markt, rjung, kkolinko - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48311 Only the APR lifecycle listener should try and initialise APR Patch also syncs all APR lifecycle listener changes from 6.0.x to 5.5.x Modified: tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/JvmRouteBinderValve.java URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/JvmRouteBinderValve.java?rev=904855&r1=904854&r2=904855&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/JvmRouteBinderValve.java (original) +++ tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/JvmRouteBinderValve.java Sat Jan 30 19:30:07 2010 
@@ -433,12 +433,14 @@
 newCookie.setSecure(true);
 }
 if (log.isDebugEnabled()) {
- log.debug(sm.getString("jvmRoute.newSessionCookie",
- sessionId, Globals.SESSION_COOKIE_NAME, newCookie
- .getPath(), new Boolean(newCookie
- .getSecure())));
+ Object[] args = new Object[] {sessionId,
+ Globals.SESSION_COOKIE_NAME,
+ newCookie.getPath(),
+ new Boolean(newCookie.getSecure()),
+ new Boolean(context.getUseHttpOnly())};
+ log.debug(sm.getString("jvmRoute.newSessionCookie", args));
 }
- response.addCookie(newCookie);
+ response.addCookieInternal(newCookie, context.getUseHttpOnly());
 }
 }
 }
Modified: tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/LocalStrings.properties?rev=904855&r1=904854&r2=904855&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/LocalStrings.properties (original)
+++ tomcat/tc5.5.x/trunk/container/modules/ha/src/share/org/apache/catalina/ha/session/LocalStrings.properties Sat Jan 30 19:30:07 2010
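Review bot: The debug message built in `args` still passes the full `sessionId` as `{0}`, so with debug logging enabled the session identifier that this commit protects with httpOnly is written verbatim to the log; passing a shortened or digested form of the id would keep the line useful for tracing fail-over without storing a usable credential. Separately, `context.getUseHttpOnly()` is read twice, once for the log and once for `addCookieInternal`; a local such as `boolean httpOnly = context.getUseHttpOnly();` guarantees the logged and applied values are the same, and `Boolean.valueOf(...)` would avoid the two `new Boolean(...)` allocations. The enclosing method starts above the hunk, so how `context` is obtained and whether it can be null at this point is not visible here.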
@@ -78,7 +78,7 @@ jvmRoute.listener.stopped=SessionID Binder Listener stopped jvmRoute.lostSession=Lost Session [{0}] at path [{1}] jvmRoute.missingJvmRouteAttribute=No engine jvmRoute attribute configured! -jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}] +jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}] httpOnly: [{4}] jvmRoute.noCluster=The JvmRouterBinderValve is configured, but clustering is not being used. Fail over will still work, providing a PersistentManager is used. jvmRoute.notFoundManager=Not found Cluster DeltaManager {0} at {1} jvmRoute.receiveMessage.sessionIDChanged=Cluster JvmRouteSessionIDBinderListener received orginal session ID [{0}] set to new id [{1}] for context path [{2}] Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=904855&r1=904854&r2=904855&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Sat Jan 30 19:30:07 2010 @@ -201,6 +201,10 @@ <bug>46384</bug>: Correct synchronisation issue that could lead to a cluster member disappering permanently. (markt) </fix> + <fix> + <bug>47554</bug>: Include httpOnly attribute when re-writing session + cookie after fail over. (markt) + </fix> </changelog> </subsection> <subsection name="Webapps"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org