Tim,

Thanks for the reply. Can you explain what you mean by "becomes part of the
value"? I thought I had them part of the cookieValue already?

Can you point out the change I need to make in my code snippet?


-Kal


Tim Funk wrote:
> 
> With 6.0.18 : "; Path=/; HttpOnly"  [literally] becomes part of the 
> cookie value. [That it worked before was sheer luck.]
> 
> -Tim
> 
> KalChitown wrote:
>> We recently upgraded from 6.0.14 to 6.0.18 due to an XSS security alert we
>> received.
>> 
>> The following code was working in 6.0.14 version but not in 6.0.18. Can
>> anyone explain this or a workaround?
>> 
>> 
>> String sessionId = "Our session ID";
>> String cookieValue = sessionId + "; Path=/; HttpOnly ";
>> Cookie cookie = new Cookie("sessionId", cookieValue);
>> cookie.setVersion(1);                        
>> response.addCookie(cookie);  
>> 
>> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-- 
View this message in context: 
http://www.nabble.com/Tomcat-Experts---Need-help-with-Cookie-support-in-6.0.18-tp18980912p18982955.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
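
Added example, not part of the thread and not code from either poster: one way to send the Path and HttpOnly attributes as real cookie attributes instead of packing them into the value. It assumes the Servlet 2.5 API that Tomcat 6 implements, where Cookie offers setPath() but no setHttpOnly(), so the header is written directly; the class name, the build() helper and the sample session ID are hypothetical.

```java
import java.util.regex.Pattern;

public class SessionCookieHeader {
    // RFC 6265 cookie-octet: no control chars, space, '"', ',', ';' or '\'.
    private static final Pattern VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]+");
    // Cookie names are HTTP tokens.
    private static final Pattern NAME =
            Pattern.compile("[!#$%&'*+.^_`|~0-9A-Za-z-]+");
    // Path: printable ASCII without ';', starting with '/'.
    private static final Pattern PATH =
            Pattern.compile("/[\\x20-\\x3A\\x3C-\\x7E]*");

    /** Builds a Set-Cookie header value with attributes kept out of the value. */
    static String build(String name, String value, String path, boolean secure) {
        if (name == null || !NAME.matcher(name).matches())
            throw new IllegalArgumentException("invalid cookie name");
        // Rejecting ';' and whitespace here is what stops a value such as
        // "id; Path=/; HttpOnly " from being mistaken for value plus attributes.
        if (value == null || !VALUE.matcher(value).matches())
            throw new IllegalArgumentException("invalid cookie value");
        if (path == null || !PATH.matcher(path).matches())
            throw new IllegalArgumentException("invalid cookie path");
        StringBuilder sb = new StringBuilder();
        sb.append(name).append('=').append(value);
        sb.append("; Path=").append(path);
        if (secure) sb.append("; Secure");
        sb.append("; HttpOnly");
        return sb.toString();
    }

    public static void main(String[] args) {
        String sessionId = "3f9a1c7e5b2d4860"; // constructed sample value
        // In a servlet: response.addHeader("Set-Cookie", build(...));
        System.out.println(build("sessionId", sessionId, "/", false));
        try {
            // The value from the original snippet is refused, not sent as-is.
            build("sessionId", sessionId + "; Path=/; HttpOnly ", "/", false);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

If HttpOnly is not needed, `cookie.setPath("/")` on a Cookie whose value is only the session ID is enough for the Path attribute.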

