Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7511

Undertow 'session-id-length' not working properly

    XMLWordPrintable

Details

    Description

      Attribute session-id-length of servlet-container:

      /subsystem=undertow/servlet-container=default:read-resource-description[session-id-length]
      

      does not work exactly the way its description says:

      "description" => "The length of the generated session ID. Longer session ID's are more secure.",
      

      When I change it's value to X, actual result value of servlet session ID is ((X + 2) / 3) * 4, see this line of code. I am not sure what is the reason of this (probably to get some close greater number that can be divided by 4?).

      Please there should be either:

      • changed code so result session ID has length that corresponds to what user set
      • or update attribute description to explain user properly what is actually set

      Note: here is the Jira for which this feature has been introduced into Wildfly.

      Attachments

        Issue Links

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              sdouglas1@redhat.com Stuart Douglas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: