Log Message: |
Fixed: Add session tracking mode and make cookie secure
(OFBIZ-6655)
Following "Session timeout for webapps" discussion on dev ML
https://markmail.org/message/p6fbiojjrwb2ybxd
We decided to put back the session-timeout value in web.xml files and to remove
the line
session.setMaxInactiveInterval(60*60); //in seconds
from ControlEventListener.java
Double checking Deepak found I missed 2 cases, here they are
I then checked using this regexp: ^(?!.[\s\S]*minutes).[\s\S]*servlet.*$
That there is not other cases. The regexp comes from
https://stackoverflow.com/questions/15209711/regex-to-find-files-containing-one-word-but-not-another
I did not want to pass 1 hour to create it ;)
Thanks: Deepak Nigam
|