Author: fhanik
Date: Thu Mar 5 00:34:29 2009
New Revision: 750257
URL: http://svn.apache.org/viewvc?rev=750257&view=rev
Log:
Make the useHttpOnly a Context attribute
Modified:
tomcat/trunk/java/org/apache/catalina/Context.java
tomcat/trunk/java/org/apache/catalina/Manager.java
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
tomcat/trunk/webapps/docs/config/context.xml
tomcat/trunk/webapps/docs/config/manager.xml
Modified: tomcat/trunk/java/org/apache/catalina/Context.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Context.java?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Context.java Thu Mar 5 00:34:29 2009
@@ -181,8 +181,24 @@
*/
public void setCookies(boolean cookies);
+ /**
+ * Gets the value of the use HttpOnly cookies for session cookies flag.
+ *
+ * @return <code>true</code> if the HttpOnly flag should be set on session
+ * cookies
+ */
+ public boolean getUseHttpOnly();
+
/**
+ * Sets the use HttpOnly cookies for session cookies flag.
+ *
+ * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies
+ * for session cookies
+ */
+ public void setUseHttpOnly(boolean useHttpOnly);
+
+ /**
* Return the "allow crossing servlet contexts" flag.
*/
public boolean getCrossContext();
Modified: tomcat/trunk/java/org/apache/catalina/Manager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Manager.java?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Manager.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Manager.java Thu Mar 5 00:34:29 2009
@@ -240,24 +240,6 @@
public void setSessionAverageAliveTime(int sessionAverageAliveTime);
- /**
- * Gets the value of the use HttpOnly cookies for session cookies flag.
- *
- * @return <code>true</code> if the HttpOnly flag should be set on session
- * cookies
- */
- public boolean getUseHttpOnly();
-
-
- /**
- * Sets the use HttpOnly cookies for session cookies flag.
- *
- * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies
- * for session cookies
- */
- public void setUseHttpOnly(boolean useHttpOnly);
-
-
// --------------------------------------------------------- Public Methods
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Thu Mar 5
00:34:29 2009
@@ -2455,7 +2455,7 @@
}
if ((scc != null && scc.isHttpOnly()) ||
- context.getManager().getUseHttpOnly()) {
+ context.getUseHttpOnly()) {
cookie.setHttpOnly(true);
}
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Thu Mar 5
00:34:29 2009
@@ -700,6 +700,13 @@
*/
private boolean saveConfig = true;
+ /**
+ * The flag that indicates that session cookies should use HttpOnly
+ */
+ private boolean useHttpOnly = true;
+
+
+
// ----------------------------------------------------- Context Properties
@@ -1114,6 +1121,33 @@
new Boolean(this.cookies));
}
+
+ /**
+ * Gets the value of the use HttpOnly cookies for session cookies flag.
+ *
+ * @return <code>true</code> if the HttpOnly flag should be set on session
+ * cookies
+ */
+ public boolean getUseHttpOnly() {
+ return useHttpOnly;
+ }
+
+
+ /**
+ * Sets the use HttpOnly cookies for session cookies flag.
+ *
+ * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies
+ * for session cookies
+ */
+ public void setUseHttpOnly(boolean useHttpOnly) {
+ boolean oldUseHttpOnly = this.useHttpOnly;
+ this.useHttpOnly = useHttpOnly;
+ support.firePropertyChange("useHttpOnly",
+ new Boolean(oldUseHttpOnly),
+ new Boolean(this.useHttpOnly));
+ }
+
+
/**
Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Thu Mar 5
00:34:29 2009
@@ -217,10 +217,6 @@
*/
protected PropertyChangeSupport support = new PropertyChangeSupport(this);
- /**
- * The flag that indicates that session cookies should use HttpOnly
- */
- protected boolean useHttpOnly = true;
// ------------------------------------------------------------- Security
classes
@@ -658,28 +654,6 @@
new Integer(this.processExpiresFrequency));
}
-
- /**
- * Gets the value of the use HttpOnly cookies for session cookies flag.
- *
- * @return <code>true</code> if the HttpOnly flag should be set on session
- * cookies
- */
- public boolean getUseHttpOnly() {
- return useHttpOnly;
- }
-
-
- /**
- * Sets the use HttpOnly cookies for session cookies flag.
- *
- * @param useHttpOnly Set to <code>true</code> to use HttpOnly cookies
- * for session cookies
- */
- public void setUseHttpOnly(boolean useHttpOnly) {
- this.useHttpOnly = useHttpOnly;
- }
-
// --------------------------------------------------------- Public Methods
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Thu Mar 5 00:34:29 2009
@@ -229,6 +229,13 @@
implementation class that will be used for servlets managed by this
Context. If not specified, a standard default value will be used.</p>
</attribute>
+
+ <attribute name="useHttpOnly" required="false">
+ <p>Should the HttpOnly flag be set on session cookies to prevent client
+ side script from accessing the session ID? Defaults to
+ <code>true</code>.</p>
+ </attribute>
+
</attributes>
Modified: tomcat/trunk/webapps/docs/config/manager.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/manager.xml?rev=750257&r1=750256&r2=750257&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/manager.xml (original)
+++ tomcat/trunk/webapps/docs/config/manager.xml Thu Mar 5 00:34:29 2009
@@ -157,12 +157,6 @@
The default is 16.</p>
</attribute>
- <attribute name="useHttpOnly" required="false">
- <p>Should the HttpOnly flag be set on session cookies to prevent client
- side script from accessing the session ID? Defaults to
- <code>true</code>.</p>
- </attribute>
-
</attributes>
<h3>Persistent Manager Implementation</h3>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
