Date: Tue, 2 Feb 2016 14:12:39 +0000 (UTC)
From: "Jacques Le Roux (JIRA)"
To: dev@ofbiz.apache.org
Subject: [jira] [Closed] (OFBIZ-6871) Get rid of the session-cookie-accepted feature

     [ https://issues.apache.org/jira/browse/OFBIZ-6871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-6871.
----------------------------------
    Resolution: Done

Done at revision: 1728121

> Get rid of the session-cookie-accepted feature
> ----------------------------------------------
>
>                 Key: OFBIZ-6871
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6871
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway should not be needed because we should preferably always use sessionIds in cookies and never have sessionIds in URLs.
> There is an [old explanation here|http://seclists.org/webappsec/2002/q4/111] and here is a [more recent explanation|https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)