Log Message: |
Improved: Add session tracking mode and make cookie secure
(OFBIZ-6655)
Programmatically replaces the web.xml <session-config> declarations and uses
the @WebListener annotation to start the process. This avoid to duplicates
things everywhere in web.xml files. Since the web.xml files have precedence
on annotations, the setting can be easily overridden when necessary.
Now that we also use HTTPS in ecommerce the ecommerce session cookie is
also secured.
I also noted that we had 8 weird <session-timeout> declarations:
in solr component: <session-timeout>2</session-timeout>
in themes: <session-timeout>1</session-timeout>
Also in Rainbowstone we lacked the <cookie-config> and <tracking-mode>
declarations. I think it's not good.
I resolve these points by simply removing the <session-config> in web.xml files
of themes and Solr.
Thanks: Pradhan Yash Sharma for review
|