Alon Bar-Lev has posted comments on this change. Change subject: packaging: api: redirect /api to /ovirt-engine/api using rewrite rules ......................................................................
Patch Set 1: (1 comment) .................................................... File backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml Line 26: <session-config> Line 27: <session-timeout>180</session-timeout> Line 28: <cookie-config> Line 29: <path>/</path> Line 30: </cookie-config> Michael, I do not think you understand the issue. It has nothing to do with the java side but the client side. 1. Client access /api and gets a cookie for /ovirt-engine/api 2. Client access /api it *DOES NOT* forward any cookie as no cookie at its cache matches /api 3. Rewrite of url into /ovirt-engine/api 4. Implementation has no cookie, authentication fails. Please describe what is wrong in the above sequence. Regardless, having cookie on sub path does not enhance security, but this is totally different thread. Thanks, Line 31: </session-config> -- To view, visit http://gerrit.ovirt.org/21566 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I2ad9bb362719c7805be9f69d7e14bd3ad7b1f5c7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Alexander Wels <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Michael Pasternak <[email protected]> Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
