[
https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983160#comment-16983160
]
Charles Smith commented on GEODE-7438:
--------------------------------------
I grepped the source code and it looks like the supported Servlet spec for the
HTTP Session Management Module or AppServers is only referenced in:
geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
and
geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
It sounded like the consensus on the mailing list was to document support for
version 3.1? Is that correct?
And if I update these 2 docs and squash that into my pull request commit will
that be sufficient for it to be merged?
> Session cookie set does not reflect the context's SessionCookieConfig
> ---------------------------------------------------------------------
>
> Key: GEODE-7438
> URL: https://issues.apache.org/jira/browse/GEODE-7438
> Project: Geode
> Issue Type: Bug
> Components: http session
> Reporter: Charles Smith
> Priority: Major
> Labels: docs
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The session cookie set and used by the HTTP Session module for AppServers
> should honor the httponly and secure settings of the ServetContext's
> SessionCookieConfig.
> Currently the cookie created in the SessionCachingFilter.addSessionCookie
> method does not use any settings from the SessionCookieConfig but it could
> easily do so.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
