[HADOOP-18030] Authentication cookie will never expire by default after HADOOP-12049 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.1.0
Fix Version/s: None
Component/s: security
Labels:
None

Description

Whlie create auth cookie for client, AuthenticationFilter will add "Expires" attribute for the cookie if needed. But after https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code block by default.

// AuthenticationFilter

public static void createAuthCookie(HttpServletResponse resp, String token,
                                    String domain, String path, long expires,
                                    boolean isCookiePersistent,
                                    boolean isSecure) {
  //...
  //By default, isCookiePersistent = false
  if (expires >= 0 && isCookiePersistent) {
    Date date = new Date(expires);
    SimpleDateFormat df = new SimpleDateFormat("EEE, " +
            "dd-MMM-yyyy HH:mm:ss zzz");
    df.setTimeZone(TimeZone.getTimeZone("GMT"));
    sb.append("; Expires=").append(df.format(date));
  }

  //...
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2021-12-06-10-46-26-696.png
06/Dec/21 02:46
26 kB
gaozhan ding

Activity

People

Assignee:: Unassigned

Reporter:: gaozhan ding

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Dec/21 06:37

Updated:: 06/Dec/21 18:48