[HADOOP-11677] Add cookie flags for logs and static contexts - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 3.0.0-alpha1
Component/s: None
Labels:
- BB2015-05-TBR

Hadoop Flags:

Reviewed

Description

In HTTPServer2.java for the default context the secure attributes are set.

SessionManager sm = webAppContext.getSessionHandler().getSessionManager();
    if (sm instanceof AbstractSessionManager) {
      AbstractSessionManager asm = (AbstractSessionManager)sm;
      asm.setHttpOnly(true);
      asm.setSecureCookies(true);
    }

But when the contexts are created for /logs and /static, new contexts are created and the session handler is assigned as null.

Here also the secure attributes needs to be set.

Is it not done intentionally ? please give your thought

Background
trying to add login action for HTTP pages. After this when security test tool is used, it reports error for these 2 urls (/logs and /static).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

001-HADOOP-11677.patch
05/Mar/15 10:03
2 kB
nijel
HADOOP-11677.1.patch
29/Apr/15 15:00
2 kB
nijel
HADOOP-11677-2.patch
30/Apr/15 02:40
2 kB
nijel

Activity

People

Assignee:: nijel

Reporter:: nijel

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 05/Mar/15 09:57

Updated:: 30/Aug/16 01:30

Resolved:: 23/Nov/15 03:58