gaozhan ding created HADOOP-18030:
-------------------------------------
Summary: Authentication cookie will never expire by default after
HADOOP-12049
Key: HADOOP-18030
URL: https://issues.apache.org/jira/browse/HADOOP-18030
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 3.1.0
Reporter: gaozhan ding
Whlie create auth cookie for client, AuthenticationFilter will add "Expires"
attribute for the cookie if needed. But after
https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code
block by default.
{code:java}
// AuthenticationFilter
public static void createAuthCookie(HttpServletResponse resp, String token,
String domain, String path, long expires,
boolean isCookiePersistent,
boolean isSecure) {
//...
//By default, isCookiePersistent = false
if (expires >= 0 && isCookiePersistent) {
Date date = new Date(expires);
SimpleDateFormat df = new SimpleDateFormat("EEE, " +
"dd-MMM-yyyy HH:mm:ss zzz");
df.setTimeZone(TimeZone.getTimeZone("GMT"));
sb.append("; Expires=").append(df.format(date));
}
//...
}{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
