Yu (Kikuchi?),

On 4/18/2011 9:04 PM, Yu Kikuchi wrote:
> Sorry. The point of view is very important but I didn't mention it.
>
> To be exact, I want to suffix a slash "/" to the cookie path.
>
> From) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo
> To ) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo/
>
> My application returns a cookie with "Path=/foo" and I think it has a
> security issue: the browsers send the cookie to all of the directories
> whose names begin with "/foo" (such as /foobar, /food, etc.).
>
> So I want to know whether the path could be fixed without changing my
> apps or not.

If you have a client (browser) that does that, it is very broken. Can
you demonstrate this anywhere?

-chris
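
The question raised in this message, which request paths receive a cookie set with Path=/foo, can be checked against the path-match rule in RFC 6265 section 5.1.4. The following is an added example, not part of the original thread; the function names and the list of request paths are constructed for illustration.

```javascript
// Added example (not from the thread): RFC 6265 section 5.1.4 path-match
// compared with a plain string-prefix match, for the paths in the message.

// RFC 6265 path-match: the cookie-path equals the request-path, or is a
// prefix of it that ends exactly at a "/" boundary.
function rfc6265PathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith("/")) return true;
  // First character of the request-path after the prefix must be "/".
  return requestPath.charAt(cookiePath.length) === "/";
}

// Plain prefix match with no boundary check: the behaviour the original
// poster is concerned about.
function prefixMatch(requestPath, cookiePath) {
  return requestPath.startsWith(cookiePath);
}

// Constructed request paths, including the ones named in the message.
const REQUEST_PATHS = ["/foo", "/foo/", "/foo/app", "/foobar", "/food", "/bar"];

// Evaluate both rules for one cookie Path attribute.
function compare(cookiePath) {
  return REQUEST_PATHS.map((requestPath) => ({
    requestPath,
    rfc6265: rfc6265PathMatch(requestPath, cookiePath),
    prefixOnly: prefixMatch(requestPath, cookiePath),
  }));
}

// Request paths on which the two rules disagree for a given cookie Path.
function disagreements(cookiePath) {
  return compare(cookiePath)
    .filter((row) => row.rfc6265 !== row.prefixOnly)
    .map((row) => row.requestPath);
}

console.table(compare("/foo"));
console.table(compare("/foo/"));
```

With Path=/foo/ the two rules agree on every path in the list, but a request to /foo itself (no trailing slash) no longer matches under either rule.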