[
https://issues.apache.org/jira/browse/HADOOP-18030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17453153#comment-17453153
]
Larry McCay commented on HADOOP-18030:
--------------------------------------
[~lalapala] - i'm sorry, can you provide more details on the flow of this
cookie usage pattern?
If there is no Expires then it is a session cookie which should mean that it
doesn't expire until the client's session is closed.
How this relates to RM->TLS use is unclear to me - thus I'd like to better
understand that flow.
The hadoop.auth cookie Expires is also not necessarily related to the
expiration within the token inside that value of the cookie.
As you likely know, Delegation Tokens within Hadoop have a lifespan managed
within the token state and by default are good for a day but renewable for up
to 7 days.
{code}
Set-Cookie:
hadoop.auth="u=guest&p=guest/[email protected]&t=kerberos&e=1487947765114&s=fNpq9FYy2DA19Rah7586rgsAieI=";
Path=gateway/default; Domain=ambari.apache.org; Secure; HttpOnly
{code}
Note above that the "e=1487947765114" within the cookie value is part of the
token and represents its expiration while there is no Expires on the cookie
itself.
Again, perhaps there is something specific to the RM flow that I am missing.
> Authentication cookie will never expire by default after HADOOP-12049
> ---------------------------------------------------------------------
>
> Key: HADOOP-18030
> URL: https://issues.apache.org/jira/browse/HADOOP-18030
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 3.1.0
> Reporter: gaozhan ding
> Priority: Major
>
> Whlie create auth cookie for client, AuthenticationFilter will add "Expires"
> attribute for the cookie if needed. But after
> https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code
> block by default.
>
>
> {code:java}
> // AuthenticationFilter
> public static void createAuthCookie(HttpServletResponse resp, String token,
> String domain, String path, long expires,
> boolean isCookiePersistent,
> boolean isSecure) {
> //...
> //By default, isCookiePersistent = false
> if (expires >= 0 && isCookiePersistent) {
> Date date = new Date(expires);
> SimpleDateFormat df = new SimpleDateFormat("EEE, " +
> "dd-MMM-yyyy HH:mm:ss zzz");
> df.setTimeZone(TimeZone.getTimeZone("GMT"));
> sb.append("; Expires=").append(df.format(date));
> }
> //...
> }{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
