[JIRA] Commented: (OFBIZ-210) Login Cookies set too long

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Commented: (OFBIZ-210) Login Cookies set too long

JIRA jira@ofbiz.org
     [ http://jira.undersunconsulting.com/browse/OFBIZ-210?page=comments#action_13805 ]
     
Chris Howe commented on OFBIZ-210:
----------------------------------

pleaes close this issue  I don't believe it to be accurate any more

> Login Cookies set too long
> --------------------------
>
>          Key: OFBIZ-210
>          URL: http://jira.undersunconsulting.com/browse/OFBIZ-210
>      Project: [OFBiz] Open For Business
>         Type: Bug
>  Environment: All
>     Reporter: Chris Howe
>     Assignee: Jira Administrator

>
>
> Login cookies are set to expire in 1 year (60 * 60 * 24 * 365) from initial set.  This length should ideally be pulled from a database config for flexibility.   Additionally, the expiration should be reset on every click.  (ie
> login - set expiration for now(0) + x seconds.  
> click within x seconds - cookie extended to now(1) + x seconds.)  Or to expire at the end of the session.
> One side effect of the current cookie expiration is that price rules persist without a login.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.undersunconsulting.com/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira