[
https://issues.apache.org/jira/browse/HADOOP-18030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
gaozhan ding updated HADOOP-18030:
----------------------------------
Attachment: image-2021-12-06-10-46-26-696.png
> Authentication cookie will never expire by default after HADOOP-12049
> ---------------------------------------------------------------------
>
> Key: HADOOP-18030
> URL: https://issues.apache.org/jira/browse/HADOOP-18030
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 3.1.0
> Reporter: gaozhan ding
> Priority: Major
> Attachments: image-2021-12-06-10-46-26-696.png
>
>
> Whlie create auth cookie for client, AuthenticationFilter will add "Expires"
> attribute for the cookie if needed. But after
> https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code
> block by default.
>
>
> {code:java}
> // AuthenticationFilter
> public static void createAuthCookie(HttpServletResponse resp, String token,
> String domain, String path, long expires,
> boolean isCookiePersistent,
> boolean isSecure) {
> //...
> //By default, isCookiePersistent = false
> if (expires >= 0 && isCookiePersistent) {
> Date date = new Date(expires);
> SimpleDateFormat df = new SimpleDateFormat("EEE, " +
> "dd-MMM-yyyy HH:mm:ss zzz");
> df.setTimeZone(TimeZone.getTimeZone("GMT"));
> sb.append("; Expires=").append(df.format(date));
> }
> //...
> }{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
