Prevent client code from reading our client cookie.
author Murray Cumming <murrayc@murrayc.com>
Wed, 19 Dec 2012 21:26:39 +0000 (22:26 +0100)
committer Murray Cumming <murrayc@murrayc.com>
Wed, 19 Dec 2012 21:27:30 +0000 (22:27 +0100)
commit 4149279001acf32b38240fbc3456c68f22864e76
tree a2122430e2dc0dc049338781e237dea420683f03
parent 9b5f6da52c181263bb9fc91598287c65b71f009f
Prevent client code from reading our client cookie.

        * pom.xml: Use a later javax.servlet version than we seem to
        get automatically, probably via GWT, so we have the
        Cookie.setSecure() method, though I cannot find out when it
        was added.
        * src/main/java/org/glom/web/server/OnlineGlomLoginServlet.java:
        checkAuthentication(): Call setSecure() on the Cookie, so it
        can only be retrieved via HTTP(S), not by client code,
        making it harder for JavaScript to hijack the session.
ChangeLog
pom.xml
src/main/java/org/glom/web/server/OnlineGlomLoginServlet.java
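
The check below is an added example, not code from this commit or the Glom project: it audits `Set-Cookie` header values for the two attributes that matter for a session cookie. `Secure` limits the cookie to HTTPS transport, and `HttpOnly` (`Cookie.setHttpOnly()` in Servlet 3.0) is the attribute that keeps it out of `document.cookie`. The sample headers and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie header values (not captured from the project).
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure",
    "sessionid=abc123; Path=/; httponly",
    "sessionid=abc123; Path=/; Secure; HttpOnly",
]

FINDING_NO_SECURE = "missing Secure: cookie is also sent over plain HTTP"
FINDING_NO_HTTPONLY = "missing HttpOnly: cookie is readable via document.cookie"


def audit_set_cookie(header_value):
    """Return {cookie_name: [findings]} for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)  # attribute names are matched case-insensitively
    report = {}
    for name, morsel in jar.items():
        findings = []
        # Flag attributes parse to True when present, '' when absent.
        if not morsel["secure"]:
            findings.append(FINDING_NO_SECURE)
        if not morsel["httponly"]:
            findings.append(FINDING_NO_HTTPONLY)
        report[name] = findings
    return report


def weakest_cookies(headers):
    """Return the header values that lack at least one of the two attributes."""
    return [h for h in headers if any(audit_set_cookie(h).values())]


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        for cookie_name, findings in audit_set_cookie(header).items():
            status = "; ".join(findings) if findings else "ok"
            print(f"{header!r}: {cookie_name}: {status}")
```
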