[ 
https://issues.apache.org/jira/browse/HADOOP-12049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591086#comment-14591086
 ] 

Haohui Mai commented on HADOOP-12049:
-------------------------------------

Are there any reasons why the auth cookie needs to be preserved across browser 
sessions?

The overhead of SPNEGO authentication in browser UIs is negligible compared to 
human reaction time. For WebHDFS it is a non-issue as DT is the dominant 
authentication method.

> Control http authentication cookie persistence via configuration
> ----------------------------------------------------------------
>
>                 Key: HADOOP-12049
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12049
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Benoy Antony
>            Assignee: hzlu
>              Labels: patch
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-12049.001.patch, HADOOP-12049.002.patch, 
> HADOOP-12049.003.patch, HADOOP-12049.patch
>
>
> During http authentication, a cookie is dropped. This is a persistent cookie. 
> The cookie is valid across browser sessions.
> For clusters which require enhanced security, it is desirable to have a 
> session cookie so that the cookie gets deleted when the user closes the 
> browser session.
> It should be possible to specify cookie persistence (session or persistent) 
> via configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
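
An added example, not part of the original message or of Hadoop's code: the session/persistent distinction in the issue description comes down to whether the `Set-Cookie` header carries a usable `Expires` or `Max-Age` attribute, and this sketch classifies captured headers on that basis. The cookie name `hadoop.auth`, the token values and the helper names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def cookie_lifetime(set_cookie, now):
    """Classify a Set-Cookie value as 'session', 'persistent' or 'expired'."""
    attrs = {}
    # Segment 0 is name=value; later segments are attributes, names case-insensitive.
    for part in set_cookie.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value.strip()
    # Max-Age wins over Expires when both are present (RFC 6265, section 5.3).
    if "max-age" in attrs:
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "expired"
        except ValueError:
            pass  # malformed Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # an unparseable Expires is ignored by the browser
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return "persistent" if when > now else "expired"
    return "session"  # no lifetime attribute: dropped when the browser closes


def persistent_cookies(headers, now):
    """Return names of cookies that would outlive the browser session."""
    return [h.split("=", 1)[0].strip() for h in headers
            if cookie_lifetime(h, now) == "persistent"]


# Constructed sample headers; the token is a placeholder, not a real value.
NOW = datetime(2015, 6, 18, 10, 0, tzinfo=timezone.utc)
SAMPLES = [
    'hadoop.auth="CONSTRUCTED-TOKEN"; Path=/; '
    'Expires=Thu, 18 Jun 2015 20:00:00 GMT; HttpOnly',       # persistent form
    'hadoop.auth="CONSTRUCTED-TOKEN"; Path=/; HttpOnly',      # session form
    'hadoop.auth=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',  # deletion
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(cookie_lifetime(header, NOW), "<-", header[:45])
```
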
