Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-3234

Make use of setHttpOnly(boolean) in Servlet 3.0 rather than the workaround in CookieUtils.addCookieToResponse

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 12.0.0
    • Fix Version/s: 12.0.0
    • Component/s: authentication
    • Labels:
      None
    • Support Ticket IDs:

      Description

      Look to make use of the Servlet 3.0 feature of setting the HttpOnly flag on a Cookie when Servlet 3.0 is consistently available in all supported OpenAM containers.

      Currently CookieUtils.addCookieToResponse is handling this as a workaround due to it not being available in earlier Servlet API's.

      http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                peter.major Peter Major
                Reporter:
                markdr Mark de Reeper
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: