GLASSFISH-16370

JSESSIONIDSSO cookie should have HttpOnly attribute by default

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.1_b02
    • Component/s: web_container
    • Labels:
      None

      Description

      By default, other session-related cookies have the HttpOnly attribute.
      But this is not the case for SSO.

        Activity

        Shing Wai Chan added a comment -
        • Why fix this issue in 3.1.1?
          Secure opinion out of the box.
        • Which is the targeted build of 3.1.1 for this fix?
          Build 2.
        • Do regression tests exist for this issue?
          No
        • Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
          web SSO tests.
        Shing Wai Chan added a comment -

        fix in trunk
        Sending config-api/src/main/java/com/sun/enterprise/config/serverbeans/VirtualServer.java
        Transmitting file data .
        Committed revision 46211.

        scatari added a comment -

        Approved.

        Shing Wai Chan added a comment -

        port fix to 3.1.1
        Sending src/main/java/com/sun/enterprise/config/serverbeans/VirtualServer.java
        Transmitting file data .
        Committed revision 46221.

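A response-header check that could run alongside the web SSO tests, as an added example that is not part of the issue or the GlassFish code base: it flags session cookies that are set without HttpOnly. The sample responses are constructed, and the function names are hypothetical.

```python
"""Flag session cookies in a raw HTTP response head that lack HttpOnly."""

# Cookie names to audit. JSESSIONIDSSO is the SSO cookie named in this issue;
# JSESSIONID is the standard servlet session cookie.
SESSION_COOKIES = {"JSESSIONID", "JSESSIONIDSSO"}

# Constructed sample response head (not captured from a real server),
# modelling the pre-fix behaviour the issue describes.
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0a1b2c3d; Path=/app; HttpOnly\r\n"
    "Set-Cookie: JSESSIONIDSSO=9f8e7d6c; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Type: text/html\r\n\r\n"
)
# Same constructed response with the attribute present on the SSO cookie.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("9f8e7d6c; Path=/", "9f8e7d6c; Path=/; httponly")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the parts after the first are attributes, so a cookie *value*
    # that happens to contain "httponly" is not mistaken for the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_httponly(response_head, names=SESSION_COOKIES):
    """Return sorted names of audited cookies that are set without HttpOnly."""
    flagged = set()
    for line in response_head.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name in names and "httponly" not in attrs:
            flagged.add(name)
    return sorted(flagged)


if __name__ == "__main__":
    print("before fix:", missing_httponly(SAMPLE_BEFORE))
    print("after fix: ", missing_httponly(SAMPLE_AFTER))
```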

          People

          • Assignee: Shing Wai Chan
          • Reporter: Shing Wai Chan
          • Votes: 0
          • Watchers: 0
