AMBARI-21675.Add Secure Flag to Cookie / JSESSIONID in Zeppelin(Prabhjyot Singh via Venkata Sairam)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6fb37195 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6fb37195 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6fb37195 Branch: refs/heads/branch-feature-logsearch-ui Commit: 6fb371957ad5612e3a6b2c639dec559aacf5a15d Parents: 705a62b Author: Venkata Sairam <venkatasairam.la...@gmail.com> Authored: Mon Aug 21 14:03:58 2017 +0530 Committer: Venkata Sairam <venkatasairam.la...@gmail.com> Committed: Mon Aug 21 14:03:58 2017 +0530 ---------------------------------------------------------------------- .../ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml | 6 ++++++ 1 file changed, 6 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6fb37195/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml index 971e4af..742f5be 100644 --- a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml +++ b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml @@ -61,6 +61,12 @@ sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager +cookie = org.apache.shiro.web.servlet.SimpleCookie +cookie.name = JSESSIONID +cookie.secure = true +cookie.httpOnly = true +sessionManager.sessionIdCookie = $cookie + securityManager.sessionManager = $sessionManager # 86,400,000 milliseconds = 24 hour securityManager.sessionManager.globalSessionTimeout = 86400000