portals-portalapps-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Woonsan Ko (JIRA)" <j...@apache.org>
Subject [jira] Reopened: (APA-18) Reverse proxied web contents' Set-Cookie headers should be scoped in a path.
Date Thu, 05 Nov 2009 13:59:32 GMT

     [ https://issues.apache.org/jira/browse/APA-18?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Woonsan Ko reopened APA-18:
---------------------------


In some cases, some cookies have not better be path-scoped because some websites can have
strong assumption that its cookies are stored for the root path only.
So, I think the cookie path rewriting could have options for "includes" or "excludes" for
cookie names. For example, if a cookie name is registered as an exclude item, then the path
of the cookie will not be rewritten.
As an another example, if a "JSESSIONID" is registered as include item, then the cookie path
of JSESSIONID cookie only will be rewritten.

> Reverse proxied web contents' Set-Cookie headers should be scoped in a path.
> ----------------------------------------------------------------------------
>
>                 Key: APA-18
>                 URL: https://issues.apache.org/jira/browse/APA-18
>             Project: Portals Apps
>          Issue Type: Bug
>    Affects Versions: apa-webcontent-1.1
>            Reporter: Woonsan Ko
>            Assignee: Woonsan Ko
>             Fix For: apa-webcontent-1.1
>
>
> Reverse proxied web contents' Set-Cookie headers should be scoped in a path.
> If not, some critical cookie value such as JSESSIONID must be overwritten unexpectedly,
causing the current session gone.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message