[ https://issues.apache.org/jira/browse/KNOX-679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15185521#comment-15185521 ]

Larry McCay commented on KNOX-679:
----------------------------------

This patch has changed the filter from checking for cookie *values* that are 
not allowed to checking for cookie/header names that are not permitted. It also 
removes the hardcoded rememberme knowledge to the contributor. This will help 
when we go to move this filter out of the Shiro-specific module into a more 
generally applicable provider/module.

> Make ResponseCookieFilter Configurable
> --------------------------------------
>
>                 Key: KNOX-679
>                 URL: https://issues.apache.org/jira/browse/KNOX-679
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.9.0
>
>
> There are times when certain cookies need to not be allowed to be set. For 
> instance, when using a Knox application to facilitate a central login page, 
> the inclusion of the JSESSIONID cookie when interacting with the KnoxSSO 
> service with the Shiro provider interferes with forcing the user to relogin.
> This change will allow a topology to be crafted such that the login does not 
> result in a JSESSIONID being set.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
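
The difference between matching on cookie names and matching on cookie values, as described in the comment above, shown as an added example that is not Knox's code and not part of the original message. The class name, the comma-separated configuration format and the sample headers are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;

public class RestrictedCookieNames {
    // Hypothetical configuration: the cookie names a deployment does not want set.
    private final Set<String> restricted = new HashSet<>();

    public RestrictedCookieNames(String commaSeparatedNames) {
        for (String n : commaSeparatedNames.split(",")) {
            if (!n.trim().isEmpty()) restricted.add(n.trim());
        }
    }

    /** The cookie name is the text before the first '=' of the cookie-pair (before the first ';'). */
    static String cookieName(String setCookieValue) {
        String pair = setCookieValue.split(";", 2)[0];
        int eq = pair.indexOf('=');
        return (eq < 0 ? pair : pair.substring(0, eq)).trim();
    }

    /** Only Set-Cookie headers whose cookie name is restricted are rejected. */
    public boolean isAllowed(String headerName, String headerValue) {
        // HTTP header names are case-insensitive; cookie names are compared exactly.
        if (!"Set-Cookie".equalsIgnoreCase(headerName)) return true;
        return !restricted.contains(cookieName(headerValue));
    }

    public static void main(String[] args) {
        RestrictedCookieNames filter = new RestrictedCookieNames("JSESSIONID, rememberMe");
        // Constructed sample headers, not captured from a real response.
        String[][] headers = {
            {"Set-Cookie", "JSESSIONID=1a2b3c; Path=/gateway; HttpOnly"},
            {"set-cookie", "rememberMe=deleteMe; Path=/; Max-Age=0"},
            {"Set-Cookie", "theme=JSESSIONID; Path=/"},   // restricted word appears only in the value
            {"Set-Cookie", "lang=en; Path=/JSESSIONID"},  // restricted word appears only in an attribute
            {"Content-Type", "text/html"},
        };
        for (String[] h : headers) {
            String verdict = filter.isAllowed(h[0], h[1]) ? "keep" : "drop";
            System.out.println(verdict + "  " + h[0] + ": " + h[1]);
        }
    }
}
```

A substring test over the whole header value would also reject the third and fourth headers; parsing out the name first avoids those false matches.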
