Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: Trunk
    • Fix Version/s: 16.11.01
    • Component/s: framework
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      We should always use sessionIds in cookies and newer have sessionsIds in URLs. So I will remove all sessionsIds in URLs. There are 2 cases:

      1. the part related to spiders in RequestHandler
      2. HtmlFormRenderer.appendExternalLoginKey() (there is also an appendExternalLoginKey method in MacroFormRenderer class but it's not used OOTB)

      There are also many cases where we show the sessionId in logs (using UtilHttp.getSessionId()) I wonder if we should not keep those commented out or change the debug info level. Also HttpSessionEvent.getSession().getId() is directly used in some places for the same purpose (log)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jacques.le.roux Jacques Le Roux
                Reporter:
                jacques.le.roux Jacques Le Roux
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: