glassfish
  1. glassfish
  2. GLASSFISH-12431

CookieSecure property doesn't work in sun-web.xml

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: v3.0.1
    • Fix Version/s: 3.1_b08
    • Component/s: web_container
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      12,431

      Description

      If webapp being deploy has web.xml with cookie configs, e.g.:
      <session-config>
      <cookie-config>
      <http-only>true</http-only>
      </cookie-config>
      </session-config>

      than JSESSIONID cookie's secure attribute becomes "false", though "cookieSecure"
      property should be "dynamic" by default.
      Nevertheless implicit setting "cookieSecure" property in sun-web.xml doesn't work:
      <sun-web-app>
      <session-config>
      <cookie-properties>
      <property name="cookieSecure" value="[true|false|dynamic]"/>
      </cookie-properties>
      </session-config>
      </sun-web-app>

      So there is no ability to set both HttpOnly flag, and dynamic secure flag on
      JSESSIONID cookie.

        Activity

        Hide
        koloale added a comment -
            • Issue 12431 has been confirmed by votes. ***
        Show
        koloale added a comment - Issue 12431 has been confirmed by votes. ***
        Hide
        Tom Mueller added a comment -

        Looks like this is a deployment issue.

        Show
        Tom Mueller added a comment - Looks like this is a deployment issue.
        Hide
        Shing Wai Chan added a comment -

        reassigned

        Show
        Shing Wai Chan added a comment - reassigned
        Hide
        Shing Wai Chan added a comment -

        Sending
        web-glue/src/main/java/com/sun/enterprise/web/TomcatDeploymentConfig.java
        Sending web-glue/src/main/java/com/sun/enterprise/web/pwc/PwcWebModule.java
        Sending
        web-glue/src/main/java/com/sun/enterprise/web/pwc/connector/coyote/PwcCoyoteRequest.java
        Sending
        web-glue/src/main/java/com/sun/enterprise/web/session/SessionCookieConfig.java
        Transmitting file data ....
        Committed revision 38286.

        Show
        Shing Wai Chan added a comment - Sending web-glue/src/main/java/com/sun/enterprise/web/TomcatDeploymentConfig.java Sending web-glue/src/main/java/com/sun/enterprise/web/pwc/PwcWebModule.java Sending web-glue/src/main/java/com/sun/enterprise/web/pwc/connector/coyote/PwcCoyoteRequest.java Sending web-glue/src/main/java/com/sun/enterprise/web/session/SessionCookieConfig.java Transmitting file data .... Committed revision 38286.
        Hide
        Shing Wai Chan added a comment -

        Additional fix: clean up code and set session parameter correctly
        Sending web-core/src/main/java/org/apache/catalina/Context.java
        Sending
        web-core/src/main/java/org/apache/catalina/connector/CoyoteAdapter.java
        Sending web-core/src/main/java/org/apache/catalina/connector/Request.java
        Sending web-core/src/main/java/org/apache/catalina/connector/Response.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/SessionCookieConfigImpl.java
        Sending web-core/src/main/java/org/apache/catalina/core/StandardContext.java
        Sending web-core/src/main/java/org/apache/catalina/realm/RealmBase.java
        Sending
        web-glue/src/main/java/com/sun/enterprise/web/TomcatDeploymentConfig.java
        Sending
        web-glue/src/main/java/com/sun/enterprise/web/session/SessionCookieConfig.java
        Transmitting file data .........
        Committed revision 38330.

        Show
        Shing Wai Chan added a comment - Additional fix: clean up code and set session parameter correctly Sending web-core/src/main/java/org/apache/catalina/Context.java Sending web-core/src/main/java/org/apache/catalina/connector/CoyoteAdapter.java Sending web-core/src/main/java/org/apache/catalina/connector/Request.java Sending web-core/src/main/java/org/apache/catalina/connector/Response.java Sending web-core/src/main/java/org/apache/catalina/core/SessionCookieConfigImpl.java Sending web-core/src/main/java/org/apache/catalina/core/StandardContext.java Sending web-core/src/main/java/org/apache/catalina/realm/RealmBase.java Sending web-glue/src/main/java/com/sun/enterprise/web/TomcatDeploymentConfig.java Sending web-glue/src/main/java/com/sun/enterprise/web/session/SessionCookieConfig.java Transmitting file data ......... Committed revision 38330.

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            koloale
          • Votes:
            2 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: