• Type: Bug
• Resolution: Fixed
• Priority: Medium
• Fix Version/s: 2.5.2
• Affects Version/s: None
• Component/s: None
• Labels:

  • no-advisory-required
  • security

[CWD-2938] Set Crowd JSESSIONID as HTTPOnly in the default configuration

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:05 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1509400 ]	New: JAC Bug Workflow v3 [ 3364557 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 07/Jul/2016 6:18 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1391301 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1509400 ]

Owen made changes - 12/May/2016 2:51 AM

Workflow

Original: Crowd Development Workflow v2 [ 410112 ]

New: Simplified Crowd Development Workflow v2 [ 1391301 ]

VitalyA made changes - 04/Oct/2012 4:02 AM

Labels

Original: security

New: no-advisory-required security

joe made changes - 04/Oct/2012 2:13 AM

Assignee

New: joe [ jwalton ]

joe made changes - 04/Oct/2012 2:13 AM

Fix Version/s		New: 2.5.2 [ 28296 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Collapse comment: joe added a comment - 04/Oct/2012 1:08 AM

joe added a comment - 04/Oct/2012 1:08 AM

For existing installations, the Crowd Context in apache-tomcat/conf/Catalina/localhost/crowd.xml needs to be edited from:

<Context path="/crowd" docBase="../../crowd-webapp" debug="0">

to

<Context path="/crowd" docBase="../../crowd-webapp" debug="0" useHttpOnly="true">

Expand comment: joe added a comment - 04/Oct/2012 1:08 AM

joe added a comment - 04/Oct/2012 1:08 AM For existing installations, the Crowd Context in apache-tomcat/conf/Catalina/localhost/crowd.xml needs to be edited from: <Context path= "/crowd" docBase= "../../crowd-webapp" debug= "0" > to <Context path= "/crowd" docBase= "../../crowd-webapp" debug= "0" useHttpOnly= " true " >

VitalyA created issue - 04/Oct/2012 12:55 AM