Author: fhanik Date: Thu Mar 5 00:34:29 2009 New Revision: 750257 URL: http://svn.apache.org/viewvc?rev=750257&view=rev Log: Make the useHttpOnly a Context attribute
Modified: tomcat/trunk/java/org/apache/catalina/Context.java tomcat/trunk/java/org/apache/catalina/Manager.java tomcat/trunk/java/org/apache/catalina/connector/Request.java tomcat/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java tomcat/trunk/webapps/docs/config/context.xml tomcat/trunk/webapps/docs/config/manager.xml Modified: tomcat/trunk/java/org/apache/catalina/Context.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Context.java?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/Context.java (original) +++ tomcat/trunk/java/org/apache/catalina/Context.java Thu Mar 5 00:34:29 2009 @@ -181,8 +181,24 @@ */ public void setCookies(boolean cookies); + /** + * Gets the value of the use HttpOnly cookies for session cookies flag. + * + * @return <code>true</code> if the HttpOnly flag should be set on session + * cookies + */ + public boolean getUseHttpOnly(); + /** + * Sets the use HttpOnly cookies for session cookies flag. + * + * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies + * for session cookies + */ + public void setUseHttpOnly(boolean useHttpOnly); + + /** * Return the "allow crossing servlet contexts" flag. */ public boolean getCrossContext(); Modified: tomcat/trunk/java/org/apache/catalina/Manager.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Manager.java?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/Manager.java (original) +++ tomcat/trunk/java/org/apache/catalina/Manager.java Thu Mar 5 00:34:29 2009 
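Review bot: The Javadoc added for `getUseHttpOnly()` and `setUseHttpOnly(boolean)` on the `Context` interface does not state the default or what happens to existing configuration. StandardContext, later in this commit, initialises the field to `true`, and the context.xml hunk says the same, so the getter's `@return` could add `Defaults to <code>true</code> in the standard implementation.` The Manager accessors are removed in this same commit, so a deployment that set `useHttpOnly` on the Manager element has to move it to the Context. How a leftover Manager attribute is handled is not visible here, and a sentence on that in the Javadoc or the docs would spare operators a silent change in cookie flags.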
@@ -240,24 +240,6 @@ public void setSessionAverageAliveTime(int sessionAverageAliveTime); - /** - * Gets the value of the use HttpOnly cookies for session cookies flag. - * - * @return <code>true</code> if the HttpOnly flag should be set on session - * cookies - */ - public boolean getUseHttpOnly(); - - - /** - * Sets the use HttpOnly cookies for session cookies flag. - * - * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies - * for session cookies - */ - public void setUseHttpOnly(boolean useHttpOnly); - - // --------------------------------------------------------- Public Methods Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original) +++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Thu Mar 5 00:34:29 2009 @@ -2455,7 +2455,7 @@ } if ((scc != null && scc.isHttpOnly()) || - context.getManager().getUseHttpOnly()) { + context.getUseHttpOnly()) { cookie.setHttpOnly(true); } Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Thu Mar 5 00:34:29 2009 @@ -700,6 +700,13 @@ */ private boolean saveConfig = true; + /** + * The flag that indicates that session cookies should use HttpOnly + */ + private boolean useHttpOnly = true; + + + // ----------------------------------------------------- Context Properties 
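Review bot: The condition in the Request.java hunk ending in `context.getUseHttpOnly()` sets HttpOnly when either source asks for it and never clears it, which deserves a one-line comment. As written, a `false` on the Context does not override `scc.isHttpOnly()`, and a `false` there does not override the Context. A comment above the `if` such as `// HttpOnly is set if either SessionCookieConfig or the Context requests it; neither can clear it for the other` would make that explicit. The enclosing method starts and ends outside the hunk, so whether `context` is guaranteed non-null at this point cannot be confirmed from here.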
@@ -1114,6 +1121,33 @@ new Boolean(this.cookies)); } + + /** + * Gets the value of the use HttpOnly cookies for session cookies flag. + * + * @return <code>true</code> if the HttpOnly flag should be set on session + * cookies + */ + public boolean getUseHttpOnly() { + return useHttpOnly; + } + + + /** + * Sets the use HttpOnly cookies for session cookies flag. + * + * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies + * for session cookies + */ + public void setUseHttpOnly(boolean useHttpOnly) { + boolean oldUseHttpOnly = this.useHttpOnly; + this.useHttpOnly = useHttpOnly; + support.firePropertyChange("useHttpOnly", + new Boolean(oldUseHttpOnly), + new Boolean(this.useHttpOnly)); + } + + /** Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Thu Mar 5 00:34:29 2009 @@ -217,10 +217,6 @@ */ protected PropertyChangeSupport support = new PropertyChangeSupport(this); - /** - * The flag that indicates that session cookies should use HttpOnly - */ - protected boolean useHttpOnly = true; // ------------------------------------------------------------- Security classes 
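Review bot: In `StandardContext.setUseHttpOnly` the two `new Boolean(...)` allocations could be `Boolean.valueOf(oldUseHttpOnly)` and `Boolean.valueOf(this.useHttpOnly)`, which reuse the cached instances. The context line just above does the same with `new Boolean(this.cookies)`, so this matches the file but could be tidied in both places. Separately, `useHttpOnly` is a plain `boolean` that is written here and read on the request path (see the Request.java hunk). If the attribute can be changed while the context is serving requests, declaring it `volatile` would make the new value visible to request threads; whether such runtime changes occur is not visible in this hunk. The setter Javadoc could also say that a new value only affects session cookies created after the call.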
@@ -658,28 +654,6 @@ new Integer(this.processExpiresFrequency)); } - - /** - * Gets the value of the use HttpOnly cookies for session cookies flag. - * - * @return <code>true</code> if the HttpOnly flag should be set on session - * cookies - */ - public boolean getUseHttpOnly() { - return useHttpOnly; - } - - - /** - * Sets the use HttpOnly cookies for session cookies flag. - * - * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies - * for session cookies - */ - public void setUseHttpOnly(boolean useHttpOnly) { - this.useHttpOnly = useHttpOnly; - } - // --------------------------------------------------------- Public Methods Modified: tomcat/trunk/webapps/docs/config/context.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/context.xml (original) +++ tomcat/trunk/webapps/docs/config/context.xml Thu Mar 5 00:34:29 2009 @@ -229,6 +229,13 @@ implementation class that will be used for servlets managed by this Context. If not specified, a standard default value will be used.</p> </attribute> + + <attribute name="useHttpOnly" required="false"> + <p>Should the HttpOnly flag be set on session cookies to prevent client + side script from accessing the session ID? Defaults to + <code>true</code>.</p> + </attribute> + </attributes> Modified: tomcat/trunk/webapps/docs/config/manager.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/manager.xml?rev=750257&r1=750256&r2=750257&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/manager.xml (original) +++ tomcat/trunk/webapps/docs/config/manager.xml Thu Mar 5 00:34:29 2009 
@@ -157,12 +157,6 @@ The default is 16.</p> </attribute> - <attribute name="useHttpOnly" required="false"> - <p>Should the HttpOnly flag be set on session cookies to prevent client - side script from accessing the session ID? Defaults to - <code>true</code>.</p> - </attribute> - </attributes> <h3>Persistent Manager Implementation</h3> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org