billbarker 2002/11/02 18:42:13
Modified: src/doc serverxml.html
Log:
Document new attribute to SessionId.
Revision Changes Path
1.29 +11 -3 jakarta-tomcat/src/doc/serverxml.html
Index: serverxml.html
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/doc/serverxml.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- serverxml.html 19 Sep 2002 11:13:18 -0000 1.28
+++ serverxml.html 3 Nov 2002 02:42:13 -0000 1.29
@@ -2501,13 +2501,21 @@
</tr>
<tr valign="top">
<td>checkSSLSessionId<br><b>[Tomcat 3.3.1]</b></td>
- <td>If true, Tomcat session will be verified against SSL session to prevent
+ <td>If <code>true</code>, Tomcat session will be verified against SSL session
to prevent
(malicious) use of other users' sessions. In order for this to work, SSL
has to be enabled (through Apache) and SSL Session ID has to be known to
Tomcat. More information can be found in mod_jk documentation.</td>
<td>false</td>
</tr>
-
+ <tr valign="top>
+ <td>secureCookie<br><b>[Tomcat 3.3.2]</b></td>
+ <td>If <code>true</code>, then Tomcat will mark the Session ID cookie as
+ as "Secure" if the session is created over a SSL connection. A
+ conforming browser will only send the cookie back to a page that is using
+ SSL. The effect is that if a session is created from a SSL page, than
+ it is not available to any non-SSL pages.</td>
+ <td>true</td>
+ </tr>
</table>
<h4>Example(s)</h4>
--
To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
