Author: remy.maucherat(a)jboss.com Date: 2014-08-26 07:57:43 -0400 (Tue, 26 Aug 2014) New Revision: 2494 Modified: branches/7.5.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java Log: Related to EAP6-257: default httponly for sso to true since it probably doesn't hurt. Modified: branches/7.5.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java =================================================================== --- branches/7.5.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2014-08-26 06:56:30 UTC (rev 2493) +++ branches/7.5.x/src/main/java/org/apache/catalina/authenticator/SingleSignOn.java 2014-08-26 11:57:43 UTC (rev 2494) @@ -124,7 +124,7 @@ /** * Optional SSO HTTP only. */ - protected boolean cookieHttpOnly = false; + protected boolean cookieHttpOnly = true; // ------------------------------------------------------------- Properties