Author: jleroux Date: Sat Jan 12 10:01:04 2019 New Revision: 1851157 URL: http://svn.apache.org/viewvc?rev=1851157&view=rev Log: Fixed: Add session tracking mode and make cookie secure (OFBIZ-6655)
Following "Session timeout for webapps" discussion on dev ML https://markmail.org/message/p6fbiojjrwb2ybxd We decided to put back the session-timeout value in web.xml files and to remove the line session.setMaxInactiveInterval(60*60); //in seconds from ControlEventListener.java Double checking Deepak found I missed 2 cases, here they are I then checked using this regexp: ^(?!.[\s\S]*minutes).[\s\S]*servlet.*$ That there is not other cases. The regexp comes from https://stackoverflow.com/questions/15209711/regex-to-find-files-containing-one-word-but-not-another I did not want to pass 1 hour to create it ;) Thanks: Deepak Nigam Modified: ofbiz/ofbiz-framework/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml ofbiz/ofbiz-framework/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml Modified: ofbiz/ofbiz-framework/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml?rev=1851157&r1=1851156&r2=1851157&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml (original) +++ ofbiz/ofbiz-framework/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml Sat Jan 12 10:01:04 2019 @@ -83,6 +83,10 @@ under the License. <url-pattern>/control/*</url-pattern> </servlet-mapping> + <session-config> + <session-timeout>60</session-timeout><!-- in minutes --> + </session-config> + <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> Modified: ofbiz/ofbiz-framework/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml?rev=1851157&r1=1851156&r2=1851157&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml (original) +++ ofbiz/ofbiz-framework/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml Sat Jan 12 10:01:04 2019 @@ -83,6 +83,10 @@ under the License. <url-pattern>/control/*</url-pattern> </servlet-mapping> + <session-config> + <session-timeout>60</session-timeout><!-- in minutes --> + </session-config> + <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list>
