[jira] [Created] (OFBIZ-6871) Get rid of the session-cookie-accepted feature

Jacques Le Roux (JIRA) Tue, 02 Feb 2016 06:10:37 -0800

Jacques Le Roux created OFBIZ-6871:
--------------------------------------

             Summary: Get rid of the session-cookie-accepted feature
                 Key: OFBIZ-6871
                 URL: https://issues.apache.org/jira/browse/OFBIZ-6871
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Trunk
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux
            Priority: Minor
             Fix For: Upcoming Branch



Since OFBIZ-6867is now done, it will no longer be used OOTB and anyway should 
not be needed because we should preferably always use sessionIds in cookies and 
newer have sessionsIds in URLs.

There is [old explanation here|http://seclists.org/webappsec/2002/q4/111] and 
here is a [more recent 
explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (OFBIZ-6871) Get rid of the session-cookie-accepted feature

Reply via email to