Possibility to set secured cookies
Bug #567169 reported by
ikeike443
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
play framework |
Fix Committed
|
Undecided
|
Erwan Loisant | ||
1.1 |
Fix Committed
|
Undecided
|
Erwan Loisant |
Bug Description
I tried to set "secure" attribute to cookie by deploying on Tomcat.
I used mod_proxy_ajp, and wrote server.xml like this:
<Connector port="8009" secure="true"
1.3" />
Then, tomcat itself could set "secure", however play app on it
couldn't set.
Because, I think, play.mvc.
default and this field never turn to true except on parseRequest.
I think it can be customized by application.conf.
I would set this on application.conf like below.
application.
regards,
ikeike443
security vulnerability: | yes → no |
visibility: | private → public |
security vulnerability: | no → yes |
summary: |
- play.mvc.Http.Cookie set its "secure" field to "false" by default and - this field never turn to be true except on parseRequest + Possibility to set secure cookies |
summary: |
- Possibility to set secure cookies + Possibility to set secured cookies |
security vulnerability: | yes → no |
Changed in play: | |
assignee: | nobody → Erwan Loisant (eloisant) |
Changed in play: | |
status: | New → Fix Committed |
To post a comment you must log in.
Ignore me, I was working on a broken server