[FELIX-5099] JSESSIONID Cookie in HTTPS Session Without 'Secure' and ‘HttpOnly’ Attributes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: http.jetty-3.1.4
Component/s: HTTP Service
Labels:
None

Description

The session Cookie JSESSIONID has not the attributes HttpOnly and Secure;

There is already a pull request to address the HttpOnly case in https://github.com/apache/felix/pull/12/files

Same approach can be used to address the secure flag

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FELIX-5099-patch.txt
13/Nov/15 08:13
3 kB
Antonio Sanso

Activity

People

Assignee:: David Bosschaert

Reporter:: Antonio Sanso

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Nov/15 08:00

Updated:: 29/Nov/15 14:51

Resolved:: 19/Nov/15 14:02