https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
Summary: Cannot renew stored session
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P3
Component: Other Modules
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=23933)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23933)
Suggested fix to the problem.
Once mod_session saves a session (to cookie), the session expiration cannot be
reset - the only way to delete and re-create cookie anew.
Accordingly to documentation:
"The SessionMaxAge directive defines a time limit for which a session will
remain valid. When a session is saved, this time limit is reset and an existing
session can be continued."
However tests and code inspection show that the expiry can be set just once and
later updates do not refresh the session.
Also, "Max-Age" value for the updated session cookie is not passed to a user
agent.
Please see the suggested fix attached.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
