OFBiz OFBiz - Dev

[jira] [Closed] (OFBIZ-6871) Get rid of the session-cookie-accepted feature

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Closed] (OFBIZ-6871) Get rid of the session-cookie-accepted feature

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-6871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-6871.
----------------------------------
    Resolution: Done

Done at revision: 1728121  


> Get rid of the session-cookie-accepted feature
> ----------------------------------------------
>
>                 Key: OFBIZ-6871
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6871
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway should not be needed because we should preferably always use sessionIds in cookies and newer have sessionsIds in URLs.
> There is [old explanation here|http://seclists.org/webappsec/2002/q4/111] and here is a [more recent explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Free forum by Nabble Edit this page