Anonymous | Login | Signup for a new account | 05-11-2024 05:31 PDT |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0005781 | [Resin] | minor | always | 07-24-14 09:56 | 09-12-14 11:22 | ||||
Reporter | nam | View Status | public | ||||||
Assigned To | ferg | ||||||||
Priority | normal | Resolution | no change required | Platform | |||||
Status | closed | OS | |||||||
Projection | none | OS Version | |||||||
ETA | none | Fixed in Version | 4.0.41 | Product Version | |||||
Product Build | |||||||||
Summary | 0005781: need fine-grained control of http-only cookies | ||||||||
Description |
(rep by dsryan) Is there a way to make the session cookie http-only and not any app created cookies...I have set the cookie in the application to Cookie.setHttpOnly(false) but the resin app server setting <cookie-http-only> sets ALL cookies to http-only. Is there a way to only have the session cookie JSESSIONID be http-only where others are not? |
||||||||
Steps To Reproduce | |||||||||
Additional Information | |||||||||
Attached Files | |||||||||
|
Notes | |
(0006528) ferg 09-12-14 11:22 |
server/01ei In Resin 4.0.41, the cookie-http-only only affects the session cookie, not application cookies. |
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed. 26 unique queries executed. |