Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1459153
Affected clients/servers:
ipa
Functional impact:
ipa: ERROR: unable to parse cookie header 'ipa_session=MagBearerToken=MiIjMRJW MAl1%2bazkGlIRns2iysA7wxc%2bpSenQtZEMKXSsRAXEcnw2wHEyzOyh8RHgIm5K7YvX1k1tPotRM2 ztegX4ODAmOe26%2fP4FLu68AupejDBNmNIENfasrNhUiPowugkkRXBOD%2b%2bsGFFMUZ%2bP7AYPH oW3bE3uN4ftRQwftE11EFTti4a9fVwB4SLKiuU&expiry=1489670819868611;Max-Age=1800;pat h=/ipa;httponly;secure;': unsupported operand type(s) for +: 'NoneType' and 'datetime.timedelta'
It can negatively affect automation tools which uses the CLI. But mainly it will be UX and reputation issue.
FreeIPA 4.5.0(1) server sends Set-Cookie header with Max-Age string, that is set by SessionMaxAge directive in httpd configuration. This is part of the header which older clients cannot parse. Older clients understand the cookie with expiration expressed this way: Expires=time_when_cookie_expires. In this format: Expires=Mon, 05 Jun 2017 17:10:07 GMT;
This bug is a proposal to work around the issue and change server in a way that it won't send Max-Age string.
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1459153
Metadata Update from @pvoborni: - Issue priority set to: blocker
Metadata Update from @pvoborni: - Issue assigned to simo
https://github.com/freeipa/freeipa/pull/855
master:
ipa-4-5:
Metadata Update from @mbasti: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.