Apache Wookie Release Notes
===========================
See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below)

For more detailed information on significant changes, see NEW_AND_NOTEWORTHY

Version 1.0.0
==============

BUGS FIXED
==========

WOOKIE-420 	
NoClassDefFoundError: org/apache/wookie/messages on JBoss 7 / JDK 7

WOOKIE-424 	
NPE with Wookie.war deployed on WildFly 8.0.0.CR1

 
IMPROVEMENTS
============

WOOKIE-418
Create README and web documentation for deployment on WAS 7


NEW FEATURES
============

None

Known Issues
============

    * WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually 
    loaded, a browser alert box sometimes appears informing the user of a "Session Error". 

    This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly; 
    Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.

    A workaround is to add the following to the WEB-INF/web.xml file

    <init-param>
        <param-name>crossDomainSessionSecurity</param-name>
        <param-value>false</param-value>
    </init-param>

    Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
    implemented in DWR that conflicts with it.
 
    This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.)