gaozhan ding created HADOOP-18030: ------------------------------------- Summary: Authentication cookie will never expire by default after HADOOP-12049 Key: HADOOP-18030 URL: https://issues.apache.org/jira/browse/HADOOP-18030 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 3.1.0 Reporter: gaozhan ding
Whlie create auth cookie for client, AuthenticationFilter will add "Expires" attribute for the cookie if needed. But after https://issues.apache.org/jira/browse/HADOOP-12049, it never enter the code block by default. {code:java} // AuthenticationFilter public static void createAuthCookie(HttpServletResponse resp, String token, String domain, String path, long expires, boolean isCookiePersistent, boolean isSecure) { //... //By default, isCookiePersistent = false if (expires >= 0 && isCookiePersistent) { Date date = new Date(expires); SimpleDateFormat df = new SimpleDateFormat("EEE, " + "dd-MMM-yyyy HH:mm:ss zzz"); df.setTimeZone(TimeZone.getTimeZone("GMT")); sb.append("; Expires=").append(df.format(date)); } //... }{code} -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org