shibboleth-dev - cookie lifetime for login context
Subject: Shibboleth Developers
List archive
- From: Paul Hethmon <>
- To: Shibboleth Dev <>
- Subject: cookie lifetime for login context
- Date: Fri, 31 Jul 2009 12:07:37 -0400
Title: cookie lifetime for login context Related to my problems with losing the login context key with IE, I’m wondering why the login context key is actually set with a lifetime of one year? Most cookies in Shib are session.
So inside of HttpServletHelper.bindLoginContext it uses:
Cookie contextKeyCookie = new Cookie(LOGIN_CTX_KEY_NAME, contextKey); contextKeyCookie.setPath("/"); contextKeyCookie.setSecure(httpRequest.isSecure()); contextKeyCookie.setMaxAge(31556926); httpResponse.addCookie(contextKeyCookie);
It also sets the path to root instead of the context.
I’ve actually created a test web app which mimics the behavior of the cookies being set in Shib, but of course IE works with it. So I’m just looking for straws at this point.
thanks,
Paul
-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----
God does not play dice with the universe; He plays an ineffable game of his own devising, which might be compared, from the perspective of any of the other players, to being involved in an obscure and complex version of poker in a pitch dark room, with blank cards, for infinite stakes, with a dealer who won't tell you the rules, and who smiles all the time.
-- Terry Pratchett, Good Omens
- cookie lifetime for login context, Paul Hethmon, 07/31/2009
- RE: [Shib-Dev] cookie lifetime for login context, Scott Cantor, 07/31/2009
- Re: [Shib-Dev] cookie lifetime for login context, Paul Hethmon, 07/31/2009
- RE: [Shib-Dev] cookie lifetime for login context, Scott Cantor, 07/31/2009
Archive powered by MHonArc 2.6.16.