Mantis Bugtracker
  

ID: 0005781
Category: [Resin]
Severity: minor
Reproducibility: always
Date Submitted: 07-24-14 09:56
Last Update: 09-12-14 11:22
Reporter: nam
View Status: public
Assigned To: ferg
Priority: normal
Resolution: no change required
Status: closed
Product Version:
Summary: 0005781: need fine-grained control of http-only cookies
Description (rep by dsryan)

Is there a way to make the session cookie http-only and not any app-created cookies... I have set the cookie in the application to Cookie.setHttpOnly(false), but the Resin app server setting <cookie-http-only> sets ALL cookies to http-only. Is there a way to only have the session cookie JSESSIONID be http-only where others are not?

- Notes
(0006528)
ferg
09-12-14 11:22

server/01ei

In Resin 4.0.41, the cookie-http-only only affects the session cookie, not application cookies.
 

- Issue History
Date Modified Username Field Change
07-24-14 09:56 nam New Issue
09-12-14 11:22 ferg Note Added: 0006528
09-12-14 11:22 ferg Assigned To  => ferg
09-12-14 11:22 ferg Status new => closed
09-12-14 11:22 ferg Resolution open => no change required
09-12-14 11:22 ferg Fixed in Version  => 4.0.41

