[
https://issues.apache.org/jira/browse/OFBIZ-6871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-6871:
-----------------------------------
Description:
Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway should
not be needed because we should preferably always use sessionIds in cookies and
never have sessionIds in URLs.
There is an [old explanation here|http://seclists.org/webappsec/2002/q4/111] and
here is a [more recent
explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]
was:
Since OFBIZ-6867is now done, it will no longer be used OOTB and anyway should
not be needed because we should preferably always use sessionIds in cookies and
never have sessionIds in URLs.
There is an [old explanation here|http://seclists.org/webappsec/2002/q4/111] and
here is a [more recent
explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]
> Get rid of the session-cookie-accepted feature
> ----------------------------------------------
>
> Key: OFBIZ-6871
> URL: https://issues.apache.org/jira/browse/OFBIZ-6871
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: Upcoming Branch
>
>
> Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway
> should not be needed because we should preferably always use sessionIds in
> cookies and never have sessionIds in URLs.
> There is an [old explanation here|http://seclists.org/webappsec/2002/q4/111] and
> here is a [more recent
> explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]