Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changed session tracking mode to cookie only #1201

Merged

Conversation

Projects
None yet
4 participants
@jyotisingh
Copy link
Contributor

commented Jun 8, 2015

By default jetty sets it to url and cookie (http://www.eclipse.org/jetty/documentation/9.2.8.v20150217/session-management.html#session-tracking-modes)
Also, updated the xsd version used by the web xml files

Fixes #1185 and this issue reported on mailing lists.

Changed session tracking mode to cookie only
By default jetty sets it to url and cookie (http://www.eclipse.org/jetty/documentation/9.2.8.v20150217/session-management.html#session-tracking-modes)
Also, updated the xsd vesion used by the web xml files

@jyotisingh jyotisingh added this to the Release 15.2 milestone Jun 9, 2015

arvindsv added a commit that referenced this pull request Jun 9, 2015

Merge pull request #1201 from jyotisingh/disable_session_tracking_thr…
…ough_url

Changed session tracking mode to cookie only

@arvindsv arvindsv merged commit a61890b into gocd:master Jun 9, 2015

@arvindsv

This comment has been minimized.

Copy link
Member

commented Jun 9, 2015

Checked using this config:

<?xml version="1.0" encoding="utf-8"?>
<cruise xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cruise-config.xsd" schemaVersion="75">
  <server artifactsdir="artifacts" commandRepositoryLocation="default" serverId="91c3e632-5405-4287-968e-1de4e715db08">
    <security>
      <passwordFile path="/path/to/a/valid/password.properties" />
    </security>
  </server>
</cruise>

with a build without this change, and with a build with this change. Accessing: http://localhost:8153/go in an incognito window will show jsessionid in the URL in the older builds, and won't in this.

@arvindsv

This comment has been minimized.

Copy link
Member

commented Jun 9, 2015

I don't think this needs any new functional tests, or changes to existing ones.

@ketan

This comment has been minimized.

Copy link
Member

commented Jun 10, 2015

Verified, works on 15.2.0(2055-c3c306dc03a122). Please close this issue out.

@jyotisingh jyotisingh deleted the jyotisingh:disable_session_tracking_through_url branch Jul 16, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.