/[Apache-SVN]

Revision 1719872

Jump to revision:
Author:	jleroux
Date:	Mon Dec 14 10:02:24 2015 UTC (8 years, 4 months ago)
Changed paths:	27
Log Message:	2 modified patches from Rahul Bhammarker for "Add session tracking mode and make cookie secure" https://issues.apache.org/jira/browse/OFBIZ-6655 Need to enhance security at web-app level. As per current implementation: - The cookie containing the session identifier is not secure - The session identifier is transmitted in the query string of the URL To fix these issue we have to add following session config otpions in web.xml {code} <session-config> <cookie-config> <http-only>true</http-only> <secure>true</secure> </cookie-config> <tracking-mode>COOKIE</tracking-mode> </session-config> {code} Also we need to update the web-app servlet specification from 2.3 to 3.0 {code} <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> {code} https://tomcat.apache.org/whichversion.html jleroux: these are only the framework+themes+applications patches, with 3 entries not applied

Changed paths

Path	Details
ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/framework/resources/templates/web.xml	modified , text changed
ofbiz/trunk/framework/webtools/webapp/webtools/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/themes/bizznesstime/webapp/bizznesstime/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/themes/bluelight/webapp/bluelight/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/themes/droppingcrumbs/webapp/droppingcrumbs/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/themes/flatgrey/webapp/flatgrey/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/themes/multiflex/webapp/multiflex/WEB-INF/web.xml	modified , text changed
ofbiz/trunk/themes/tomahawk/webapp/tomahawk/WEB-INF/web.xml	modified , text changed

infrastructure at apache.org	ViewVC Help
Powered by ViewVC 1.1.26