[ https://issues.apache.org/jira/browse/HADOOP-12049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592844#comment-14592844 ]
Benoy Antony edited comment on HADOOP-12049 at 6/19/15 1:35 AM: ---------------------------------------------------------------- Before this patch, cookie is persistent. We need cookie to be persistent on some clusters and non-persistent on some other clusters. So we need this feature to configurable. With this patch, we can configure the cookie to be persistent or non-persistent. I agree that for security reasons, we can make the cookie to be non-persistent if the configuration is absent. was (Author: benoyantony): Before this patch, cookie is persistent. We need cookie to be persistent on some clusters and non-persistent on some other clusters. So we need this feature to configurable. With this patch, we can configure the cookie to be persistent or non-persistent. For retain the current behavior , cookies are made persistent if the configuration is absent. We can change that. For security reasons, we can make the cookie non-persistent if the configuration is absent. > Control http authentication cookie persistence via configuration > ---------------------------------------------------------------- > > Key: HADOOP-12049 > URL: https://issues.apache.org/jira/browse/HADOOP-12049 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 3.0.0 > Reporter: Benoy Antony > Assignee: hzlu > Labels: patch > Fix For: 3.0.0 > > Attachments: HADOOP-12049.001.patch, HADOOP-12049.003.patch, > HADOOP-12049.005.patch > > > During http authentication, a cookie is dropped. This is a persistent cookie. > The cookie is valid across browser sessions. > For clusters which require enhanced security, it is desirable to have a > session cookie so that cookie gets deleted when the user closes browser > session. > It should be possible to specify cookie persistence (session or persistent) > via configuration -- This message was sent by Atlassian JIRA (v6.3.4#6332)