[ https://issues.apache.org/jira/browse/HADOOP-18030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452569#comment-17452569 ]
Larry McCay commented on HADOOP-18030: -------------------------------------- [~lalapala] - this JIRA seems to articulate exactly what HADOOP-12049 says that it is doing. Are you saying that we need to set expires when isCoookiePersistent is false as well - in other words, for session cookies? As I understand HADOOP-12049, the previous implementation only had persistent or permanent cookies which include an expires attribute. The change there was to introduce session cookies which do not have an expires attribute and by default we assume session cookies. Perhaps there was a backward compatibility issue there for default behavior but it seems to be what I would expect with the stated intent of that change. So, do you have a unit test or something that indicates that there is some gap with the current implementation? > Authentication cookie will never expire by default after HADOOP-12049 > --------------------------------------------------------------------- > > Key: HADOOP-18030 > URL: https://issues.apache.org/jira/browse/HADOOP-18030 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 3.1.0 > Reporter: gaozhan ding > Priority: Major > > Whlie create auth cookie for client, AuthenticationFilter will add "Expires" > attribute for the cookie if needed. But after > https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code > block by default. > > > {code:java} > // AuthenticationFilter > public static void createAuthCookie(HttpServletResponse resp, String token, > String domain, String path, long expires, > boolean isCookiePersistent, > boolean isSecure) { > //... > //By default, isCookiePersistent = false > if (expires >= 0 && isCookiePersistent) { > Date date = new Date(expires); > SimpleDateFormat df = new SimpleDateFormat("EEE, " + > "dd-MMM-yyyy HH:mm:ss zzz"); > df.setTimeZone(TimeZone.getTimeZone("GMT")); > sb.append("; Expires=").append(df.format(date)); > } > //... > }{code} > > -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org