Title:
Bug 81187:When using the HTTPOnly flag in CFCOOKIE on a CF9 Web Application deployed on Tomcat 6, the cookie statement is improperly constructed resulting in appending the HTTPOnly statement to the cookie value
| View in TrackerStatus/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): Jason Dean / Jason Dean (Jason Dean)
Created: 12/15/2009
Components: Core Runtime, Session Management
Versions: 9.0
Failure Type: Unspecified
Found In Build/Fixed In Build: 9,0,0,251028 / 266957
Priority/Frequency: Normal / Most users will encounter
Locale/System: English / Win All
Vote Count: 0
Problem:
When using the HTTPOnly flag in CFCOOKIE on a CF9 Web Application deployed on Tomcat 6, the cookie statement is improperly constructed resulting in appending the HTTPOnly statement to the cookie value instead of making the cookie HTTPOnly.
Method:
<cfcookie name="CookieName" value="CookieValue" httponly="yes" />Results in a SET-COOKIE header like this:Set-Cookie: COOKIENAME="CookieValue; HttpOnly"; Path=/Instead of like the JRun version:Set-Cookie: COOKIENAME=CookieValue; HttpOnly; Version=1; Path=/
Result:
none
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3040612
External Customer Info:
External Company:
External Customer Name: Jason Dean
External Customer Email: 4EF2503348075808992015A9
External Test Config: 12/15/2009Attachments:
Comments: