From 7cb634e9b16d531092f77e15a0eb2e45a9953bdc Mon Sep 17 00:00:00 2001
From: fhanik
Date: Thu, 5 Mar 2009 00:34:29 +0000
Subject: [PATCH] Make the useHttpOnly a Context attribute
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@750257 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/Context.java | 16 ++++++++++
 java/org/apache/catalina/Manager.java | 18 ------------
 java/org/apache/catalina/connector/Request.java | 2 +-
 java/org/apache/catalina/core/StandardContext.java | 34 ++++++++++++++++++++++
 java/org/apache/catalina/session/ManagerBase.java | 26 -----------------
 webapps/docs/config/context.xml | 7 +++++
 webapps/docs/config/manager.xml | 6 ----
 7 files changed, 58 insertions(+), 51 deletions(-)
diff --git a/java/org/apache/catalina/Context.java b/java/org/apache/catalina/Context.java
index 7a4096cab..0727b7a03 100644
--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -181,8 +181,24 @@ public interface Context extends Container {
 */
 public void setCookies(boolean cookies);
+ /**
+ * Gets the value of the use HttpOnly cookies for session cookies flag.
+ *
+ * @return true if the HttpOnly flag should be set on session
+ * cookies
+ */
+ public boolean getUseHttpOnly();
+ /**
+ * Sets the use HttpOnly cookies for session cookies flag.
+ *
+ * @param useHttpOnly Set to true to use HttpOnly cookies
+ * for session cookies
+ */
+ public void setUseHttpOnly(boolean useHttpOnly);
+
+
 /**
 * Return the "allow crossing servlet contexts" flag.
 */
 public boolean getCrossContext();
diff --git a/java/org/apache/catalina/Manager.java b/java/org/apache/catalina/Manager.java
index 51c24f62c..8c214ca83 100644
--- a/java/org/apache/catalina/Manager.java
+++ b/java/org/apache/catalina/Manager.java
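Review bot: The Javadoc added for `getUseHttpOnly`/`setUseHttpOnly` on the `Context` interface states neither the default nor that this attribute replaces the Manager-level one removed in the same commit, so an operator who had `useHttpOnly="false"` on a `<Manager>` element has no pointer to where the setting moved. Since both the new `StandardContext` field and the context.xml documentation in this patch give the default as true, I would extend the getter Javadoc with `Defaults to true. Replaces the former Manager attribute of the same name.` Adding abstract methods to this public interface also breaks any third-party `Context` implementation that does not extend `StandardContext`; that may be acceptable for trunk, but it is worth a sentence in the commit description.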
@@ -240,24 +240,6 @@ public interface Manager {
 public void setSessionAverageAliveTime(int sessionAverageAliveTime);
- /**
- * Gets the value of the use HttpOnly cookies for session cookies flag.
- *
- * @return true if the HttpOnly flag should be set on session
- * cookies
- */
- public boolean getUseHttpOnly();
-
-
- /**
- * Sets the use HttpOnly cookies for session cookies flag.
- *
- * @param useHttpOnly Set to true to use HttpOnly cookies
- * for session cookies
- */
- public void setUseHttpOnly(boolean useHttpOnly);
-
-
 // --------------------------------------------------------- Public Methods
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index a9c379e48..67c49df98 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2455,7 +2455,7 @@ public class Request
 }
 if ((scc != null && scc.isHttpOnly()) ||
- context.getManager().getUseHttpOnly()) {
+ context.getUseHttpOnly()) {
 cookie.setHttpOnly(true);
 }
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
index 9acef0aa1..f82f35ad5 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -700,6 +700,13 @@ public class StandardContext
 */
 private boolean saveConfig = true;
+ /**
+ * The flag that indicates that session cookies should use HttpOnly
+ */
+ private boolean useHttpOnly = true;
+
+
 // ----------------------------------------------------- Context Properties
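Review bot: The condition `(scc != null && scc.isHttpOnly()) || context.getUseHttpOnly()` ORs the context flag with the `SessionCookieConfig` value, and with `useHttpOnly` defaulting to true in the new `StandardContext` field, a web application that calls `SessionCookieConfig.setHttpOnly(false)` cannot clear the flag; only the context attribute can. That is the safer direction for protecting the session ID from script access, but nothing in the hunk says so, and the precedence is easy to misread as "the application decides". I would add a comment above the `if`: `// The Context flag (default true) is ORed with SessionCookieConfig, so only useHttpOnly="false" on the Context can clear HttpOnly`. The enclosing method starts and ends outside the hunk.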
@@ -1114,6 +1121,33 @@ public class StandardContext
 new Boolean(this.cookies));
 }
+
+ /**
+ * Gets the value of the use HttpOnly cookies for session cookies flag.
+ *
+ * @return true if the HttpOnly flag should be set on session
+ * cookies
+ */
+ public boolean getUseHttpOnly() {
+ return useHttpOnly;
+ }
+
+
+ /**
+ * Sets the use HttpOnly cookies for session cookies flag.
+ *
+ * @param useHttpOnly Set to true to use HttpOnly cookies
+ * for session cookies
+ */
+ public void setUseHttpOnly(boolean useHttpOnly) {
+ boolean oldUseHttpOnly = this.useHttpOnly;
+ this.useHttpOnly = useHttpOnly;
+ support.firePropertyChange("useHttpOnly",
+ new Boolean(oldUseHttpOnly),
+ new Boolean(this.useHttpOnly));
+ }
+
+
 /**
diff --git a/java/org/apache/catalina/session/ManagerBase.java b/java/org/apache/catalina/session/ManagerBase.java
index 8f5749fcc..9a46d24e2 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -217,10 +217,6 @@ public abstract class ManagerBase implements Manager, MBeanRegistration {
 */
 protected PropertyChangeSupport support = new PropertyChangeSupport(this);
- /**
- * The flag that indicates that session cookies should use HttpOnly
- */
- protected boolean useHttpOnly = true;
 // ------------------------------------------------------------- Security classes
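Review bot: `setUseHttpOnly` fires a property change, which suggests the value is expected to be changed at runtime (JMX is the usual route for these setters), yet `useHttpOnly` is a plain non-volatile field that `Request` reads on request threads, so a change made after start is not guaranteed to become visible to them. If runtime changes are not meant to be supported, the field Javadoc should say `Set at configuration time; not safe to change while the Context is running`; otherwise `private volatile boolean useHttpOnly = true;` would give the visibility guarantee at no real cost. The `new Boolean(...)` boxing matches the `setCookies` code visible in the hunk context, so keeping it is defensible for consistency, though `Boolean.valueOf` avoids the two allocations if the file ever moves away from that style.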
@@ -658,28 +654,6 @@ public abstract class ManagerBase implements Manager, MBeanRegistration {
 new Integer(this.processExpiresFrequency));
 }
-
- /**
- * Gets the value of the use HttpOnly cookies for session cookies flag.
- *
- * @return true if the HttpOnly flag should be set on session
- * cookies
- */
- public boolean getUseHttpOnly() {
- return useHttpOnly;
- }
-
-
- /**
- * Sets the use HttpOnly cookies for session cookies flag.
- *
- * @param useHttpOnly Set to true to use HttpOnly cookies
- * for session cookies
- */
- public void setUseHttpOnly(boolean useHttpOnly) {
- this.useHttpOnly = useHttpOnly;
- }
-
 // --------------------------------------------------------- Public Methods
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index 088acd1b6..90f22f427 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -229,6 +229,13 @@ implementation class that will be used for servlets managed by this Context. If not specified, a standard default value will be used.

+ + +

Should the HttpOnly flag be set on session cookies to prevent client + side script from accessing the session ID? Defaults to + true.

+
+ diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml index 5df2640ec..321bd1713 100644 --- a/webapps/docs/config/manager.xml +++ b/webapps/docs/config/manager.xml @@ -157,12 +157,6 @@ The default is 16.

- -

Should the HttpOnly flag be set on session cookies to prevent client - side script from accessing the session ID? Defaults to - true.

-
-

Persistent Manager Implementation

-- 2.11.0