[Bug 53377] New: Cookie JSESSIONID is not secured

bugzilla Wed, 06 Jun 2012 20:58:05 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=53377


          Priority: P2
            Bug ID: 53377
          Assignee: [email protected]
           Summary: Cookie JSESSIONID is not secured
          Severity: major
    Classification: Unclassified
                OS: Linux
          Reporter: [email protected]
          Hardware: All
            Status: NEW
           Version: 5.5.33
         Component: Connector:HTTP
           Product: Tomcat 5

I happened to setup in tomcat
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" SSLEnabled="true"/>

But when i request https://MyURL

And from the firefox raw data, i still see JSESSION cookie is not secured.

There is no secure word at the the Set-Cookie

Set-Cookie: JSESSIONID=BAD4B8869D292DECECDA75863eCg; Path=/myApp

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 53377] New: Cookie JSESSIONID is not secured

Reply via email to