#5771 don't expire session cookies
Opened 3 years ago by pvoborni. Modified 8 months ago

API Session Cookies has expires: server time + 20mins.

In a case where browser is 20mins or more ahead than server, Web UI stops working.

We don't have to rely on cookie expiration because server should return 401 anyway if the session is expired. Therefore the case above is valid.

Resolution:

  • set cookie Expires to a distant future
  • set cookie Max-Age, e.g., to a year (3652460*60)

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

2 years ago

Metadata Update from @rcritten:
- Issue close_status updated to: None

8 months ago

Login to comment on this ticket.

Metadata