Comment 2 for bug 324779

gimenete (gimenete) wrote : Re: [Bug 324779] Re: Session's cookie expiration and HttpOnly

I haven't seen the source code but, if the session is maintained
through a cookie and there is a capability to set the HTTP headers, it
could be possible to set the Set-Cookie header manually, couldn't it?

On Tue, Feb 3, 2009 at 11:14 AM, Guillaume Bort
<email address hidden> wrote:
> The expiration date of the session cookie is now configurable through
> the application.sessionMaxAge configuration property:
>
> application.sessionMaxAge=20mn
>
> For the HttpOnly cookie we have to wait for AsyncWeb to support it ...
>
> --
> Session's cookie expiration and HttpOnly
> https://bugs.launchpad.net/bugs/324779
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in play framework: New
>
> Bug description:
> There is no way to change the expiration date of the session's cookie. It will also be useful to be able to set the cookie as HttpOnly to minimize any possible XSS attack.
>
> The default expiration time could be set as a parameter in the configuration file. However, I would like to implement the typical functionality of "remind me in this computer". That is, a checkbox that, when selected, makes the expiration date longer than when it is not selected. That is, the expiration date could be changed programmatically.
>

--
Alberto Gimeno Brieba
email and gtalk: <email address hidden>
blog: http://gimenete.net
favorite website: http://www.debugmodeon.com
mobile phone: +34 625 24 64 81
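
Added example (not part of the original thread and not Play's own code): a hand-built Set-Cookie value of the kind the comment above asks about, with HttpOnly, a Max-Age that lengthens when a "remember me" box is ticked, and validation so a user-influenced value cannot inject extra attributes or header lines. The cookie name, the 30-day default and the duration suffixes other than `mn` are assumptions.

```python
import re

# Durations in the style of the thread's "20mn"; the other suffixes are assumptions.
_UNITS = {"s": 1, "mn": 60, "h": 3600, "d": 86400}
# Cookie-name token and cookie-value characters permitted by RFC 6265.
_NAME_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VALUE_RE = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*")


def parse_duration(text):
    """Convert a duration string such as '20mn' into seconds."""
    m = re.fullmatch(r"(\d+)(s|mn|h|d)", text.strip())
    if not m:
        raise ValueError("unsupported duration: %r" % text)
    return int(m.group(1)) * _UNITS[m.group(2)]


def session_set_cookie(name, value, max_age, remember_me=False,
                       remember_max_age="30d", secure=False):
    """Return the value of a Set-Cookie header for a session cookie.

    max_age applies by default; remember_max_age (assumed default: 30 days)
    applies when the user ticked the "remember me" checkbox.
    """
    # fullmatch (not match with $) so a trailing newline cannot slip through.
    # Rejecting ';', whitespace and CR/LF stops a hand-built header from
    # carrying injected attributes or a second header line.
    if not _NAME_RE.fullmatch(name):
        raise ValueError("invalid cookie name")
    if not _VALUE_RE.fullmatch(value):
        raise ValueError("invalid cookie value")
    seconds = parse_duration(remember_max_age if remember_me else max_age)
    parts = ["%s=%s" % (name, value), "Max-Age=%d" % seconds, "Path=/",
             "HttpOnly"]  # HttpOnly keeps the cookie out of document.cookie
    if secure:
        parts.append("Secure")  # only sent over HTTPS
    return "; ".join(parts)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print("Set-Cookie: " + session_set_cookie("APP_SESSION", "abc123", "20mn"))
    print("Set-Cookie: " + session_set_cookie("APP_SESSION", "abc123", "20mn",
                                              remember_me=True))
```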