Great news, and thanks a lot. But how do I implement this feature?

Eduardo Campoy
Technology Account Manager
Novell, THE leading provider of net business solutions
Tel - 55 11 3345-3938
Cel - 55 11 9232-7456
AIM - ecampoy sao
MSN - [EMAIL PROTECTED]

>>> [EMAIL PROTECTED] 11/26/03 5:55 PM >>>
The "secureCookie" attribute was added to 3.3.2 only to allow backwards
compatibility with 3.3.1. Like Tomcat 4 and higher, the default is 'true'.

It's a pretty small patch:
http://cvs.apache.org/viewcvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionId.java.diff?r1=1.20&r2=1.21
if you just want to add the feature to 3.3.1. Like Yoav said, TC 4 and
higher always uses secure cookies.

----- Original Message -----
From: "Shapira, Yoav" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 8:37 AM
Subject: RE: Question on Tomcat 4

Howdy,
Tomcat 4 and later are so different from 3.x. I suggest you do the
migration, if only for the speed and feature increases. I don't think
there's an "attribute" called "secureCookie" in tomcat4, as there is no
"un-secure" mode. Perhaps a tomcat 3 guru like Senor Barker can fill in
more information...

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Eduardo Campoy [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, November 26, 2003 11:33 AM
>To: [EMAIL PROTECTED]
>Cc: Jason Rivard
>Subject: Question on Tomcat 4
>
>Hello,
>
>I am using Tomcat 3.3.1 with Internet Web Application and after doing an
>ETHICAL HACKING TEST, they discovered a problem in Tomcat session cookie
>(JSESSIONID).
>After reading Tomcat 3.3.2 manual, there is an attribute called
>"secureCookie" that resolves my issue. BUT tomcat 3.3.2 is not released
>yet.
>My question is "Does this attribute called "secureCookie" exist in
>TOMCAT 4?"
>
>Thanks in advance
>
>
>
>Eduardo Campoy
>Technology Account Manager
>Novell, THE leading provider of net business solutions
>Tel - 55 11 3345-3938
>Cel - 55 11 9232-7456
>AIM - ecampoy sao
>MSN - [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]