Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-1220

Make the login example cookie expire

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk, 3.3.2
    • Fix Version/s: 3.3.2
    • Component/s: security
    • Labels:
      None

      Description

      The login example cookie expires only when the web browser exits. This means that if the hadoop.auth cookie expires, the ExampleAltAuthenticationHandler will automatically give you a new hadoop.auth cookie; in other words, the hadoop.auth cookie effectively never expires (as long as the web browser remains open) because it will be recreated forever. It would be good if the login example cookie was set to expire so that eventually both cookies would expire and you'd be forced to actually re-login.

      The expiration time should be configurable, but default to a low time like 5 min (because once you get the hadoop.auth cookie, you don't need it anymore).

        Attachments

          Activity

            People

            • Assignee:
              rkanter Robert Kanter
              Reporter:
              rkanter Robert Kanter
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: