[ https://issues.apache.org/jira/browse/OFBIZ-10635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-10635: ------------------------------------ Comment: was deleted (was: While working on this issue I spotted that securedLoginId cookie put in with OFBIZ-10307 has the same duration (1 year) than autoUserLoginId. At r1845341, I have reduced it to the browser session which is the purpose. ) > Correct behaviour of Autologin cookies > -------------------------------------- > > Key: OFBIZ-10635 > URL: https://issues.apache.org/jira/browse/OFBIZ-10635 > Project: OFBiz > Issue Type: Bug > Components: ALL APPLICATIONS > Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12 > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Priority: Major > > With OFBIZ-4959 I have cleaned a bit how the Autologin cookies behave. But I > followed the way it was initially done and when you think about it it does > not make sense. > I introduced the "keep-autologin-cookie" attribute in the "webapp" element of > the ofbiz-component files. But after I created the securedLoginId cookies for > OFBIZ-10307 we no longer need to create Autologin cookies for applications > which don't use it. > So I'll rename "keep-autologin-cookie" to "use-autologin-cookie", and only > create Autologin cookies when needed. No need to create and keep Autologin > cookies in applications that don't need it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)