Fixed: Add session tracking mode and make cookie secure
(OFBIZ-6655)
Following "Session timeout for webapps" discussion on dev ML
https://markmail.org/message/p6fbiojjrwb2ybxd
We decided to put back the session-timeout value in web.xml files and to remove
the line
session.setMaxInactiveInterval(60*60); //in seconds
from ControlEventListener.java
Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion
|