OFBiz › OFBiz - Commits

svn commit: r1719872 [1/2] - in /ofbiz/trunk: applications/accounting/webapp/accounting/WEB-INF/ applications/accounting/webapp/ap/WEB-INF/ applications/accounting/webapp/ar/WEB-INF/ applications/commonext/webapp/WEB-INF/ applications/commonext/webapp/...

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jleroux@apache.org

svn commit: r1719872 [1/2] - in /ofbiz/trunk: applications/accounting/webapp/accounting/WEB-INF/ applications/accounting/webapp/ap/WEB-INF/ applications/accounting/webapp/ar/WEB-INF/ applications/commonext/webapp/WEB-INF/ applications/commonext/webapp/...

Author: jleroux
Date: Mon Dec 14 10:02:24 2015
New Revision: 1719872

URL: http://svn.apache.org/viewvc?rev=1719872&view=rev
Log:
2 modified patches from Rahul Bhammarker for "Add session tracking mode and make cookie secure" https://issues.apache.org/jira/browse/OFBIZ-6655

Need to enhance security at web-app level.
As per current implementation:
- The cookie containing the session identifier is not secure
- The session identifier is transmitted in the query string of the URL

To fix these issue we have to add following session config otpions in web.xml
{code}
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
{code}

Also we need to update the web-app servlet specification from 2.3 to 3.0
{code}
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
{code}
https://tomcat.apache.org/whichversion.html

jleroux: these are only the framework+themes+applications patches, with 3 entries not applied

Modified:
ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml
ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml
ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml
ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml
ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml
ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml
ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml
ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml
ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml
ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml
ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml
ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml
ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml
ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml
ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml
ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml
ofbiz/trunk/framework/resources/templates/web.xml
ofbiz/trunk/framework/webtools/webapp/webtools/WEB-INF/web.xml
ofbiz/trunk/themes/bizznesstime/webapp/bizznesstime/WEB-INF/web.xml
ofbiz/trunk/themes/bluelight/webapp/bluelight/WEB-INF/web.xml
ofbiz/trunk/themes/droppingcrumbs/webapp/droppingcrumbs/WEB-INF/web.xml
ofbiz/trunk/themes/flatgrey/webapp/flatgrey/WEB-INF/web.xml
ofbiz/trunk/themes/multiflex/webapp/multiflex/WEB-INF/web.xml
ofbiz/trunk/themes/tomahawk/webapp/tomahawk/WEB-INF/web.xml

Modified: ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Accounting Manager</display-name>
<description>Accounting Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>accounting</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>partyDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Account Payable</display-name>
<description>Accounting Payable Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>ap</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://accounting/widget/ap/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>partyDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -71,9 +74,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -83,6 +86,11 @@ under the License.
</servlet-mapping>
<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>

Modified: ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Account Receivable</display-name>
<description>Accounting Receivable Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>ar</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://accounting/widget/ar/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>partyDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Common application extension</display-name>
<description>Common application extension Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>commonext</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://commonext/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>BeanShell Script Location</description>
<param-name>scriptLocationPath</param-name>
<param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
- <display-name>ContextFilter</display-name>
- <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
+ <display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
+ <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
<param-value>N</param-value>
@@ -77,9 +80,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

</web-app>

Modified: ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Setup Manager</display-name>
<description>Setup Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>setup</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://commonext/widget/ofbizsetup/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>BeanShell Script Location</description>
<param-name>scriptLocationPath</param-name>
<param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -16,11 +16,20 @@
limitations under the License.
-->

-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
+
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Empty placeholder</display-name>
<description>Empty placeholder, see http://svn.apache.org/viewvc?view=revision&revision=1612202 </description>
+ <session-config>
+ <session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
</web-app>

Modified: ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Content Manager</display-name>
<description>Content Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>content</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://content/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the cms decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>cmsDecoratorLocation</param-name>
<param-value>component://content/widget/CommonScreens.xml</param-value>
- <description>The location of the cms decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -16,11 +16,24 @@
limitations under the License.
-->

-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
- <display-name>Empty placeholder</display-name>
+
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <display-name> version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"Empty placeholder</display-name>
<description>Empty placeholder, see http://svn.apache.org/viewvc?view=revision&revision=1658621 </description>
+ <session-config>
+ <session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
</web-app>

Modified: ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - HumanRes Manager</display-name>
<description>HumanRes Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>Humanres</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://humanres/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -72,9 +75,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -85,6 +88,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Manufacturing Manager</display-name>
<description>Manufacturing Manager Module by TAU Informatica srl</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>manufacturing</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
- <param-name>mainDecoratorLocation</param-name>
- <param-value>component://manufacturing/widget/manufacturing/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
+ <param-name>mainDecoratorLocation</param-name>
+ <param-value>component://manufacturing/widget/manufacturing/CommonScreens.xml</param-value>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -71,8 +74,8 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
<display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<description>Main Control Servlet</description>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
@@ -84,6 +87,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Marketing Manager</display-name>
<description>Marketing Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>marketing</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>BeanShell Script Location</description>
<param-name>scriptLocationPath</param-name>
<param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://marketing/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - SFA Manager</display-name>
<description>SFA Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>sfa</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://marketing/widget/sfa/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -72,9 +75,9 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -85,6 +88,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Order Manager</display-name>
<description>Order Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>order</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://order/widget/ordermgr/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -73,16 +76,16 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
- <servlet-name>CatalogUrlServlet</servlet-name>
- <display-name>CatalogUrlServlet</display-name>
<description>Catalog (Category/Product) URL Servlet</description>
+ <display-name>CatalogUrlServlet</display-name>
+ <servlet-name>CatalogUrlServlet</servlet-name>
<servlet-class>org.ofbiz.product.category.CatalogUrlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -98,6 +101,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
- <display-name>Apache OFBiz - Party Manager</display-name>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<description>Party Manager Module of the Apache OFBiz Project</description>
+ <display-name>Apache OFBiz - Party Manager</display-name>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>partymgr</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://party/widget/partymgr/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
- <display-name>ContextFilter</display-name>
- <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
+ <display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
+ <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
<param-value>N</param-value>
@@ -70,11 +73,11 @@ under the License.
<listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener>


+ <description>Main Control Servlet</description>

<servlet>
- <servlet-name>ControlServlet</servlet-name>
<display-name>ControlServlet</display-name>
- <description>Main Control Servlet</description>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -85,6 +88,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Catalog</display-name>
<description>Catalog Module of the Apache OFBiz Project</description>

<context-param>
- <param-name>entityDelegatorName</param-name>
- <param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name>
+ <param-value>default</param-value>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>catalog</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://product/widget/catalog/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -72,17 +75,17 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet>
- <servlet-name>ImageUrlServlet</servlet-name>
- <display-name>ImageUrlServlet</display-name>
<description>Image URL Servlet</description>
+ <display-name>ImageUrlServlet</display-name>
+ <servlet-name>ImageUrlServlet</servlet-name>
<servlet-class>org.ofbiz.product.imagemanagement.ImageUrlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -99,6 +102,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Facility Manager</display-name>
<description>Facility Manager Module of the Apache OFBiz Project</description>

<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>facility</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://product/widget/facility/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonFacilityDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>commonFacilityDecoratorLocation</param-name>
<param-value>component://product/widget/facility/CommonScreens.xml</param-value>
- <description>The location of the CommonFacilityDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,16 +80,16 @@ under the License.


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
- <servlet-name>ShippingAPI</servlet-name>
- <display-name>ShippingAPI</display-name>
<description>Mock USPS Webtools API Servlet</description>
+ <display-name>ShippingAPI</display-name>
+ <servlet-name>ShippingAPI</servlet-name>
<servlet-class>org.ofbiz.shipment.thirdparty.usps.UspsMockApiServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -101,6 +104,11 @@ under the License.

<session-config>
<session-timeout>60</session-timeout> 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
- <display-name>Apache OFBiz - iCalendar Server</display-name>
- <description>iCalendar Server Module of the Apache OFBiz Project</description>
-
- <context-param>
- <param-name>entityDelegatorName</param-name>
- <param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
- </context-param>
- <context-param>
- <param-name>localDispatcherName</param-name>
- <param-value>ical</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
- </context-param>
- <context-param>
- <param-name>requestHandlerFactoryClass</param-name>
- <param-value>org.ofbiz.workeffort.workeffort.ICalHandlerFactory</param-value>
- </context-param>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <display-name>Apache OFBiz - iCalendar Server</display-name>
+ <description>iCalendar Server Module of the Apache OFBiz Project</description>
+
+ <context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name>
+ <param-value>default</param-value>
+ </context-param>
+ <context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
+ <param-name>localDispatcherName</param-name>
+ <param-value>ical</param-value>
+ </context-param>
+ <context-param>
+ <param-name>requestHandlerFactoryClass</param-name>
+ <param-value>org.ofbiz.workeffort.workeffort.ICalHandlerFactory</param-value>
+ </context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -49,7 +52,9 @@ under the License.
</init-param>
<init-param>
<param-name>allowedPaths</param-name>
- <param-value>/error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css</param-value>
+ <param-value>
+ /error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css
+ </param-value>
</init-param>
<init-param>
<param-name>errorCode</param-name>
@@ -62,30 +67,40 @@ under the License.
</filter>
<filter-mapping>
<filter-name>ContextFilter</filter-name>
- <url-pattern>/*</url-pattern>
+ <url-pattern>/*</url-pattern>
</filter-mapping>
- <listener><listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
- <listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
- 
- 
-
- <servlet>
- <servlet-name>iCalendarServlet</servlet-name>
- <display-name>iCalendarServlet</display-name>
- <description>iCalendar WebDAV Servlet</description>
- <servlet-class>org.ofbiz.webapp.webdav.WebDavServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>iCalendarServlet</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-
- <session-config>
- <session-timeout>60</session-timeout> 
- </session-config>
-
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class>
+ </listener>
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class>
+ </listener>
+ 
+ 
+
+ <servlet>
+ <description>iCalendar WebDAV Servlet</description>
+ <display-name>iCalendarServlet</display-name>
+ <servlet-name>iCalendarServlet</servlet-name>
+ <servlet-class>org.ofbiz.webapp.webdav.WebDavServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>iCalendarServlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>60</session-timeout>
+ 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
+
+ <welcome-file-list>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
</web-app>

Modified: ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">



-<web-app>
- <display-name>Apache OFBiz - Work Manager</display-name>
- <description>Work Manager Module of the Apache OFBiz Project</description>
-
- <context-param>
- <param-name>entityDelegatorName</param-name>
- <param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
- </context-param>
- <context-param>
- <param-name>localDispatcherName</param-name>
- <param-value>workeffort</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
- </context-param>
- <context-param>
- <param-name>scriptLocationPath</param-name>
- <param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
- </context-param>
- <context-param>
- <param-name>mainDecoratorLocation</param-name>
- <param-value>component://workeffort/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
- </context-param>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <display-name>Apache OFBiz - Work Manager</display-name>
+ <description>Work Manager Module of the Apache OFBiz Project</description>
+
+ <context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name>
+ <param-value>default</param-value>
+ </context-param>
+ <context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
+ <param-name>localDispatcherName</param-name>
+ <param-value>workeffort</param-value>
+ </context-param>
+ <context-param>
+ <description>BeanShell Script Location</description>
+ <param-name>scriptLocationPath</param-name>
+ <param-value>/WEB-INF/bsh</param-value>
+ </context-param>
+ <context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable
+ in screen def XML files.
+ </description>
+ <param-name>mainDecoratorLocation</param-name>
+ <param-value>component://workeffort/widget/CommonScreens.xml</param-value>
+ </context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -55,7 +60,9 @@ under the License.
</init-param>
<init-param>
<param-name>allowedPaths</param-name>
- <param-value>/error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css</param-value>
+ <param-value>
+ /error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css
+ </param-value>
</init-param>
<init-param>
<param-name>errorCode</param-name>
@@ -68,90 +75,100 @@ under the License.
</filter>
<filter-mapping>
<filter-name>ContextFilter</filter-name>
- <url-pattern>/*</url-pattern>
+ <url-pattern>/*</url-pattern>
</filter-mapping>

- <listener><listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
- <listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
- 
- 
-
- <servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
- <description>Main Control Servlet</description>
- <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>ControlServlet</servlet-name>
- <url-pattern>/control/*</url-pattern>
- </servlet-mapping>
-
- <session-config>
- <session-timeout>60</session-timeout> 
- </session-config>
-
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
-
-
-
-
-
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class>
+ </listener>
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class>
+ </listener>
+ 
+ 
+
+ <servlet>
+ <description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
+ <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>ControlServlet</servlet-name>
+ <url-pattern>/control/*</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>60</session-timeout>
+ 
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
+
+ <welcome-file-list>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
+ 
+
+ 
+
+ 

-
+ 
</web-app>

Modified: ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml (original)
+++ ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">


-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - demostore images</display-name>
<description>Demo Store Images for the Apache OFBiz Project</description>

<session-config>
<session-timeout>1</session-timeout>
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>

<welcome-file-list>

Modified: ofbiz/trunk/framework/resources/templates/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/resources/templates/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/framework/resources/templates/web.xml (original)
+++ ofbiz/trunk/framework/resources/templates/web.xml Mon Dec 14 10:02:24 2015
@@ -1,6 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - @component-resource-name@ Component</display-name>
<description>@component-resource-name@ Component of the Apache OFBiz Project</description>

@@ -10,17 +13,17 @@
<description>A unique ID used to look up the WebSite entity. Only for component using a WebSite entity, like ecommerce</description>
</context-param-->
<context-param>
- <param-name>localDispatcherName</param-name><param-value>@component-name@</param-value>
<description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
+ <param-name>localDispatcherName</param-name><param-value>@component-name@</param-value>
</context-param>
<context-param>
- <param-name>entityDelegatorName</param-name><param-value>default</param-value>
<description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name><param-value>default</param-value>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://@component-name@/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>

<context-param>
+ <description>Remove unnecessary whitespace from HTML output.</description>
<param-name>compressHTML</param-name>
<param-value>false</param-value>
- <description>Remove unnecessary whitespace from HTML output.</description>
</context-param>

<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param><param-name>disableContextSecurity</param-name><param-value>N</param-value></init-param>
<init-param>
@@ -55,15 +58,22 @@


<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping><servlet-name>ControlServlet</servlet-name><url-pattern>/control/*</url-pattern></servlet-mapping>

- <session-config><session-timeout>60</session-timeout></session-config>
+ <session-config>
+ <session-timeout>60</session-timeout>
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>

<welcome-file-list>
<welcome-file>index.jsp</welcome-file>