[
https://issues.apache.org/jira/browse/JS2-712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635427#action_12635427
]
David Sean Taylor commented on JS2-712:
---------------------------------------
It is used but the token does not have to be the user name. I agree, it would
be better to create a generated token with no meaning. Regardless the tokens
will only live for 30 seconds.
> Create new servlet session upon login (configurable)
> ----------------------------------------------------
>
> Key: JS2-712
> URL: https://issues.apache.org/jira/browse/JS2-712
> Project: Jetspeed 2
> Issue Type: Improvement
> Components: Security
> Affects Versions: 2.1.2
> Reporter: David Sean Taylor
> Assignee: David Sean Taylor
> Fix For: 2.1.2
>
>
> Create new servlet session upon login. In 2.1, the guest session is continued
> when the user authenticates, which is a valid use-case such as an e-commerce
> portal which allows users to delay their login but still create a shopping
> cart before logging in, and then carrying over the session state to the
> logged user. This enhancement will make the "creation of new session event"
> configurable in the Spring configuration. The default behavior will still be
> to not create a new session.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
