Possibility to set secured cookies
Bug #567169 reported by
ikeike443
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| play framework |
Fix Committed
|
Undecided
|
Erwan Loisant | ||
| 1.1 |
Fix Committed
|
Undecided
|
Erwan Loisant | ||
Bug Description
I tried to set "secure" attribute to cookie by deploying on Tomcat.
I used mod_proxy_ajp, and wrote server.xml like this:
<Connector port="8009" secure="true"
1.3" />
Then, tomcat itself could set "secure", however play app on it
couldn't set.
Because, I think, play.mvc.
default and this field never turn to true except on parseRequest.
I think it can be customized by application.conf.
I would set this on application.conf like below.
application.
regards,
ikeike443
| security vulnerability: | yes → no |
| visibility: | private → public |
| security vulnerability: | no → yes |
| summary: |
- play.mvc.Http.Cookie set its "secure" field to "false" by default and - this field never turn to be true except on parseRequest + Possibility to set secure cookies |
| summary: |
- Possibility to set secure cookies + Possibility to set secured cookies |
| security vulnerability: | yes → no |
| Changed in play: | |
| assignee: | nobody → Erwan Loisant (eloisant) |
| Changed in play: | |
| status: | New → Fix Committed |
Revision history for this message
| Geoff (sharkymail) wrote | #3 |
Revision history for this message
| Erwan Loisant (eloisant) wrote | #4 |
To post a comment you must log in.
Ignore me, I was working on a broken server