[
https://issues.apache.org/jira/browse/OOZIE-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13583591#comment-13583591
]
Alejandro Abdelnur commented on OOZIE-1220:
-------------------------------------------
+1
> Make the login example cookie expire
> ------------------------------------
>
> Key: OOZIE-1220
> URL: https://issues.apache.org/jira/browse/OOZIE-1220
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk, 3.3.2
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Fix For: trunk, 3.3.2
>
> Attachments: OOZIE-1220.patch
>
>
> The login example cookie expires only when the web browser exits. This means
> that if the hadoop.auth cookie expires, the
> {{ExampleAltAuthenticationHandler}} will automatically give you a new
> hadoop.auth cookie; in other words, the hadoop.auth cookie effectively never
> expires (as long as the web browser remains open) because it will be
> recreated forever. It would be good if the login example cookie was set to
> expire so that eventually both cookies would expire and you'd be forced to
> actually re-login.
> The expiration time should be configurable, but default to a low time like 5
> min (because once you get the hadoop.auth cookie, you don't need it anymore).
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
