ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-6871) Get rid of the session-cookie-accepted feature
Date Tue, 02 Feb 2016 14:12:39 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-6871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jacques Le Roux closed OFBIZ-6871.
----------------------------------
    Resolution: Done

Done at revision: 1728121  


> Get rid of the session-cookie-accepted feature
> ----------------------------------------------
>
>                 Key: OFBIZ-6871
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6871
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway should not be
needed because we should preferably always use sessionIds in cookies and newer have sessionsIds
in URLs.
> There is [old explanation here|http://seclists.org/webappsec/2002/q4/111] and here is
a [more recent explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message