Michael Pasternak has posted comments on this change.
Change subject: restapi : don't set jsessionid cookie when authentication
fails(#927140)
......................................................................
Patch Set 3: Looks good to me, approved
(1 inline comment)
+2 with tiny comment
....................................................
File
backend/manager/modules/restapi/interface/common/jaxrs/src/main/java/org/ovirt/engine/api/common/security/auth/Challenger.java
Line 114: // container will invalidate this session. An interval
value of zero
Line 115: // or less indicates that the session should never
timeout.
Line 116: if (successful && preferPersistentAuth) {
Line 117: if (httpSession == null) {
Line 118: httpSession = getCurrentSession(false);
what is the use-case for this ^? if you not receiving existent session in line
98, you create one in executeBasicAuthentication::179
Line 119: }
Line 120: if (httpSession != null && customHttpSessionTtl !=
null) {
Line 121: httpSession.setMaxInactiveInterval(
Line 122: customHttpSessionTtl.intValue() *
SECONDS_IN_MINUTE);
--
To view, visit http://gerrit.ovirt.org/13371
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I84907ab56e99ebb875124f42345d691edad3cdbe
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
