Robert Kanter created OOZIE-1220:
------------------------------------
Summary: Make the login example cookie expire
Key: OOZIE-1220
URL: https://issues.apache.org/jira/browse/OOZIE-1220
Project: Oozie
Issue Type: Improvement
Components: security
Affects Versions: trunk, 3.3.2
Reporter: Robert Kanter
Assignee: Robert Kanter
Fix For: trunk, 3.3.2
The login example cookie expires only when the web browser exits. This means
that if the hadoop.auth cookie expires, the {{ExampleAltAuthenticationHandler}}
will automatically give you a new hadoop.auth cookie; in other words, the
hadoop.auth cookie effectively never expires (as long as the web browser
remains open) because it will be recreated forever. It would be good if the
login example cookie was set to expire so that eventually both cookies would
expire and you'd be forced to actually re-login.
The expiration time should be configurable, but default to a low time like 5
min (because once you get the hadoop.auth cookie, you don't need it anymore).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
