Embed expiry in session, fix clock-skew issues in IE #13180
Conversation
|
[test] |
|
Evaluated for origin test up to 2f5b1a3 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_future/712/) (Base Commit: 2cac04a) |
|
No action on this for a long time - still required? |
|
Yeah. IE is intransigent. |
|
continuous-integration/openshift-jenkins/merge Waiting: You are in the build queue at position: 1 |
|
Evaluated for origin merge up to 2f5b1a3 |
|
not a blocker, bug is low priority, rarely encountered, and (relatively) easily worked around. I'd rather merge this at the beginning of 3.7 |
|
Sure |
openshift-merge-robot
added
the
size/M
openshift-merge-robot
added
approved
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt No associated issue. Update pull-request body to add a reference to an issue, or get approval with The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
Looks fine, but I'm not clear on why we have to do it this way. |
IE doesn't honor the max-age cookie param, it requires an absolute date, which means the client and the server have to agree on what time it is. This changes the cookie to a session cookie, and embeds the expiry inside the session, which means only the apiservers have to agree on what time it is. |
|
@openshift/security retagging for merge for 3.7 |
|
/test end_to_end |
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
Embeds session timeout in the session content and makes the cookie a session cookie. Fixes clock skew issues in IE cookie handling.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1270436