This patch adds "secureCookie" option to SessionId Intercepter.
For example,
<SessionId cookiesFirst="true" noCookies="false" secureCookie="true" />
If secureCookie is set to be "true", cookie for JSESSIONID sent via SSL connection
will have "Secure" option.
The patch below is for Tomcat-3.3.1a.
Hiroshi
===================================================================
--- src/share/org/apache/tomcat/modules/session/SessionId.java.orig Wed Sep 3
15:34:11 2003
+++ src/share/org/apache/tomcat/modules/session/SessionId.java Wed Sep 3 15:04:22
2003
@@ -96,6 +96,7 @@
boolean noCookies=false;
boolean cookiesFirst=true;
boolean checkSSLSessionId=false;
+ boolean secureCookie=false;
public SessionId() {
}
@@ -112,6 +113,10 @@
this.checkSSLSessionId = checkSSLSessionId;
}
+ public void setSecureCookie(boolean secureCookie) {
+ this.secureCookie = secureCookie;
+ }
+
/** Extract the session id from the request.
* SessionInterceptor will have to be called _before_ mapper,
@@ -341,6 +346,9 @@
StringBuffer buf = new StringBuffer();
buf.append( "JSESSIONID=" ).append( reqSessionId );
buf.append( ";Path=" ).append( sessionPath );
+ if ( secureCookie && rrequest.isSecure() ) {
+ buf.append( ";Secure" );
+ }
response.addHeader( "Set-Cookie",
buf.toString());
if( debug>0) log( "Setting cookie " + buf );
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
