Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1111

Undertow does not respect javax.servlet.SessionCookieConfig#getMaxAge contract

    Details

      Description

      javax.servlet.SessionCookieConfig#getMaxAge states that by default -1 should be returned:

      Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      By default, -1 is returned.

      Source

      Undertow does not respect this since its javax.servlet.SessionCookieConfig implementation, SessionCookieConfigImpl, delegates to Undertow's io.undertow.server.session.SessionCookieConfig which defaults the maxAge attribute to zero.

      We have recently implemented the ability to configure Spring Session's session cookie using SessionCookieConfig and this causes problems for Undertow users since we rely on -1 to indicate the default value, as defined by Servlet API spec.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  vpavic Vedran Pavić
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: