[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16986123#comment-16986123 ] ASF subversion and git services commented on GEODE-7438: Commit e5d07a33cc6a68a0c68b2ea9eabbb8713def9e14 in geode's branch refs/heads/develop from thefire [ https://gitbox.apache.org/repos/asf?p=geode.git;h=e5d07a3 ] GEODE-7438: Honor isHttpOnly and isSecure from the SessionCookieConfig in the ServletContext. (#4311) > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smith >Priority: Major > Labels: docs > Time Spent: 20m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16983935#comment-16983935 ] Charles Smith commented on GEODE-7438: -- All done. Should be good for merging now. > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smith >Priority: Major > Labels: docs > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16983177#comment-16983177 ] Jens Deppe commented on GEODE-7438: --- Yes, that should be good. > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smith >Priority: Major > Labels: docs > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16983160#comment-16983160 ] Charles Smith commented on GEODE-7438: -- I grepped the source code and it looks like the supported Servlet spec for the HTTP Session Management Module or AppServers is only referenced in: geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb and geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb It sounded like the consensus on the mailing list was to document support for version 3.1? Is that correct? And if I update these 2 docs and squash that into my pull request commit will that be sufficient for it to be merged? > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smith >Priority: Major > Labels: docs > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16974360#comment-16974360 ] Jens Deppe commented on GEODE-7438: --- Yes, 2.4 is ancient at this point :) I'd suggest writing a short _Proposal_ email to d...@geode.apache.org making the suggestion to officially move to 3.0. > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smiht >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (GEODE-7438) Session cookie set does not reflect the context's SessionCookieConfig
[ https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16972855#comment-16972855 ] Charles Smiht commented on GEODE-7438: -- I realized as I was fixing the integration tests I had broken that SessionCookieConfig is a Servlet 3.0 feature. Since Servlet 2.4 is pretty old at this point would bumping Geode's AppServer support to Servlet 3.0 spec be a consideration? > Session cookie set does not reflect the context's SessionCookieConfig > - > > Key: GEODE-7438 > URL: https://issues.apache.org/jira/browse/GEODE-7438 > Project: Geode > Issue Type: Bug > Components: http session >Reporter: Charles Smiht >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > The session cookie set and used by the HTTP Session module for AppServers > should honor the httponly and secure settings of the ServetContext's > SessionCookieConfig. > Currently the cookie created in the SessionCachingFilter.addSessionCookie > method does not use any settings from the SessionCookieConfig but it could > easily do so. -- This message was sent by Atlassian Jira (v8.3.4#803005)