12:14 p.m.
Add
----
Key: JBWEB-70
URL: http://jira.jboss.com/jira/browse/JBWEB-70
Project: JBoss Web
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Reporter: Amit Kasher
Assigned To: Mladen Turk
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12:42 p.m.
New subject: [JBoss JIRA] Updated: (JBWEB-70) Add ability to make session tracking persistent (...based on persistent cookies)
[ http://jira.jboss.com/jira/browse/JBWEB-70?page=all ]
Amit Kasher updated JBWEB-70:
-----------------------------
Summary: Add ability to make session tracking persistent (...based on persistent
cookies) (was: Add )
Description:
In cases where HttpSession objects should not be invalidated if the user closed the
browser, JBoss (Tomcat, actually) should expose the configuration of the maximum age of
the cookies used to track the session.
Currently, it is doing ...jsessionTrackingCookie.setMaxAge(-1)... which means that the
cookie is set to expire when the browser session ends.
I would expect this to be configurable somewhere, so that I can make this cookie
non-transient.
Add ability to make session tracking persistent (...based on
persistent cookies)
--------------------------------------------------------------------------------
Key: JBWEB-70
URL: http://jira.jboss.com/jira/browse/JBWEB-70
Project: JBoss Web
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Reporter: Amit Kasher
Assigned To: Mladen Turk
In cases where HttpSession objects should not be invalidated if the user closed the
browser, JBoss (Tomcat, actually) should expose the configuration of the maximum age of
the cookies used to track the session.
Currently, it is doing ...jsessionTrackingCookie.setMaxAge(-1)... which means that the
cookie is set to expire when the browser session ends.
I would expect this to be configurable somewhere, so that I can make this cookie
non-transient.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 a.m.
New subject: [JBoss JIRA] Resolved: (JBWEB-70) Add ability to make session tracking persistent (...based on persistent cookies)
[
https://jira.jboss.org/jira/browse/JBWEB-70?page=com.atlassian.jira.plugi...
]
Remy Maucherat resolved JBWEB-70.
---------------------------------
Resolution: Rejected
The session cookie feature addition in Servlet 3.0 will not include this, probably because
it would reduce security a lot.
Add ability to make session tracking persistent (...based on
persistent cookies)
--------------------------------------------------------------------------------
Key: JBWEB-70
URL: https://jira.jboss.org/jira/browse/JBWEB-70
Project: JBoss Web
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Reporter: Amit Kasher
Assignee: Remy Maucherat
In cases where HttpSession objects should not be invalidated if the user closed the
browser, JBoss (Tomcat, actually) should expose the configuration of the maximum age of
the cookies used to track the session.
Currently, it is doing ...jsessionTrackingCookie.setMaxAge(-1)... which means that the
cookie is set to expire when the browser session ends.
I would expect this to be configurable somewhere, so that I can make this cookie
non-transient.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6016
days inactive
6606
days old
2 comments
2 participants
participants (2)
-
Amit Kasher (JIRA) -
Remy Maucherat (JIRA)