[
https://issues.apache.org/jira/browse/GEODE-7438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972855#comment-16972855
]
Charles Smiht commented on GEODE-7438:
--------------------------------------
I realized as I was fixing the integration tests I had broken that
SessionCookieConfig is a Servlet 3.0 feature. Since Servlet 2.4 is pretty old
at this point would bumping Geode's AppServer support to Servlet 3.0 spec be a
consideration?
> Session cookie set does not reflect the context's SessionCookieConfig
> ---------------------------------------------------------------------
>
> Key: GEODE-7438
> URL: https://issues.apache.org/jira/browse/GEODE-7438
> Project: Geode
> Issue Type: Bug
> Components: http session
> Reporter: Charles Smiht
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The session cookie set and used by the HTTP Session module for AppServers
> should honor the httponly and secure settings of the ServetContext's
> SessionCookieConfig.
> Currently the cookie created in the SessionCachingFilter.addSessionCookie
> method does not use any settings from the SessionCookieConfig but it could
> easily do so.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
