New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow user to select type of cookie used by oxAuth #745

Closed
aliaksander-samuseu opened this Issue Feb 9, 2018 · 1 comment

Comments

Projects
None yet
4 participants
@aliaksander-samuseu
Contributor

aliaksander-samuseu commented Feb 9, 2018

Type of cookie (its expiration method, specifically) used by oxAuth has been changed recently:
cookies_type_select
This changes the way of how at least some of browsers treat it, and we've already had complaints from users who were relying on this behaviour in 2.4.4 Per Yuriy M's suggestion, would be useful to have a new setting for oxAuth allowing to select type of cookie it will use.

@aliaksander-samuseu aliaksander-samuseu added this to the 3.1.3 milestone Feb 9, 2018

@yuriyz yuriyz modified the milestones: 3.1.3, 3.2.0 Mar 8, 2018

@yuriyz yuriyz modified the milestones: 4.0, 3.1.4 Jul 9, 2018

@yurem yurem removed their assignment Aug 13, 2018

yuriyz pushed a commit that referenced this issue Aug 15, 2018

yuriyz
#745 : added ability to skip setting session_id cookie expiration whi…
…ch leads to setting it to browser session (cookie is cleared if browser is closed).

#745

yuriyz pushed a commit that referenced this issue Aug 15, 2018

yuriyz
#745 : added ability to skip setting session_id cookie expiration whi…
…ch leads to setting it to browser session (cookie is cleared if browser is closed).

#745

(cherry picked from commit 790b27b)

yuriyz pushed a commit to GluuFederation/oxTrust that referenced this issue Aug 15, 2018

yuriyz
oxtrust : added explanation to sessionIdLifetime property that 0 or -…
…1 value skip session_id expiration and expires it when browser session end.

GluuFederation/oxAuth#745

yuriyz pushed a commit to GluuFederation/oxTrust that referenced this issue Aug 15, 2018

yuriyz
oxtrust : added explanation to sessionIdLifetime property that 0 or -…
…1 value skip session_id expiration and expires it when browser session end.

GluuFederation/oxAuth#745

(cherry picked from commit 9b0acb0)

yuriyz pushed a commit to GluuFederation/docs-ce-prod that referenced this issue Aug 15, 2018

yuriyz pushed a commit that referenced this issue Aug 15, 2018

yuriyz pushed a commit that referenced this issue Aug 15, 2018

yuriyz
#745 : corrected session_id expiration
#745

(cherry picked from commit 0d10d9b)
@yuriyz

This comment has been minimized.

Contributor

yuriyz commented Aug 17, 2018

Session lifetime is specified via sessionIdLifetime oxauth configuration property. If it is set to 0 or -1 then we session_id cookie will not have expiration specified which browsers usually handles as browser "session" and which are valid until browser is not closed (session is not ended).

Done in 3.1.4 and master.

With sessionIdLifetime=0
session_id_lifetime_not_specified

With sessionIdLifetime specified.
session_id_lifetime_specified

@yuriyz yuriyz closed this Aug 17, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment