[jira] [Created] (OFBIZ-6871) Get rid of the session-cookie-accepted feature


Nicolas Malin (Jira)
Jacques Le Roux created OFBIZ-6871:
--------------------------------------

             Summary: Get rid of the session-cookie-accepted feature
                 Key: OFBIZ-6871
                 URL: https://issues.apache.org/jira/browse/OFBIZ-6871
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Trunk
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux
            Priority: Minor
             Fix For: Upcoming Branch


Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway should not be needed because we should preferably always use sessionIds in cookies and never have sessionIds in URLs.

There is an [old explanation here|http://seclists.org/webappsec/2002/q4/111] and here is a [more recent explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations].



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)