
shibboleth-dev - cookie lifetime for login context

Subject: Shibboleth Developers

  • From: Paul Hethmon <>
  • To: Shibboleth Dev <>
  • Subject: cookie lifetime for login context
  • Date: Fri, 31 Jul 2009 12:07:37 -0400

Related to my problems with losing the login context key with IE, I’m wondering why the login context key is actually set with a lifetime of one year? Most cookies in Shib are session.

So inside of HttpServletHelper.bindLoginContext it uses:

        Cookie contextKeyCookie = new Cookie(LOGIN_CTX_KEY_NAME, contextKey);
        contextKeyCookie.setPath("/");
        contextKeyCookie.setSecure(httpRequest.isSecure());
        contextKeyCookie.setMaxAge(31556926);
        httpResponse.addCookie(contextKeyCookie);

It also sets the path to root instead of the context.

I’ve actually created a test web app which mimics the behavior of the cookies being set in Shib, but of course IE works with it. So I’m just looking for straws at this point.

thanks,

Paul

-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----

God does not play dice with the universe; He plays an ineffable game of his own devising, which might be compared, from the perspective of any of the other players, to being involved in an obscure and complex version of poker in a pitch dark room, with blank cards, for infinite stakes, with a dealer who won't tell you the rules, and who smiles all the time.

 -- Terry Pratchett, Good Omens
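
An added example, not part of the original message or of Shibboleth's code: a small Python check that reads `Set-Cookie` headers and reports the two properties the message raises, cookie lifetime and path scope. The cookie name `LOGIN_CTX_KEY`, its value, the `/idp` context path and both sample headers are constructed for illustration.

```python
# Audit a Set-Cookie header for lifetime and path scope.
# All sample values below are constructed; they are not captured traffic.

ONE_YEAR = 31556926  # the value passed to setMaxAge() in the quoted snippet

# Header shape produced by the attributes set in the quoted snippet.
AS_QUOTED = f"LOGIN_CTX_KEY=constructed-key-value; Max-Age={ONE_YEAR}; Path=/; Secure"
# The same cookie as a session cookie scoped to a hypothetical /idp context.
SESSION_SCOPED = "LOGIN_CTX_KEY=constructed-key-value; Path=/idp; Secure"


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(header, context_path):
    """Report whether the cookie is persistent and how widely it is sent."""
    name, attrs = parse_set_cookie(header)
    max_age = int(attrs["max-age"]) if "max-age" in attrs else None
    # Max-Age takes precedence over Expires; neither means a session cookie.
    persistent = max_age > 0 if max_age is not None else "expires" in attrs
    path = attrs.get("path")
    notes = []
    if persistent:
        notes.append("persistent: stored on disk, outlives the browser session")
    if path == "/" and context_path not in ("", "/"):
        notes.append(f"path is root: sent to every app on the host, not only {context_path}")
    if "secure" not in attrs:
        notes.append("no Secure flag: may be sent over plain HTTP")
    return {"name": name, "persistent": persistent, "max_age": max_age,
            "path": path, "secure": "secure" in attrs, "notes": notes}


if __name__ == "__main__":
    for hdr in (AS_QUOTED, SESSION_SCOPED):
        result = audit(hdr, "/idp")
        print(result["name"], result["max_age"], result["path"], result["notes"])
```
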



