Skip to content

Changed session tracking mode to cookie only#1201

Merged
arvindsv merged 1 commit intogocd:masterfrom
jyotisingh:disable_session_tracking_through_url
Jun 9, 2015
Merged

Changed session tracking mode to cookie only#1201
arvindsv merged 1 commit intogocd:masterfrom
jyotisingh:disable_session_tracking_through_url

Conversation

@jyotisingh
Copy link
Contributor

@jyotisingh jyotisingh commented Jun 8, 2015

By default jetty sets it to url and cookie (http://www.eclipse.org/jetty/documentation/9.2.8.v20150217/session-management.html#session-tracking-modes)
Also, updated the xsd version used by the web xml files

Fixes #1185 and this issue reported on mailing lists.

@jyotisingh
Changed session tracking mode to cookie only
81a796e 
By default jetty sets it to url and cookie (http://www.eclipse.org/jetty/documentation/9.2.8.v20150217/session-management.html#session-tracking-modes)
Also, updated the xsd vesion used by the web xml files
@jyotisingh jyotisingh added this to the Release 15.2 milestone Jun 9, 2015
arvindsv added a commit that referenced this pull request Jun 9, 2015
@arvindsv
Merge pull request #1201 from jyotisingh/disable_session_tracking_thr…
a61890b 
…ough_url

Changed session tracking mode to cookie only
@arvindsv arvindsv merged commit a61890b into gocd:master Jun 9, 2015
@arvindsv
Copy link
Member

arvindsv commented Jun 9, 2015

Checked using this config:

<?xml version="1.0" encoding="utf-8"?>
<cruise xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="cruise-config.xsd" schemaVersion="75">
  <server artifactsdir="artifacts" commandRepositoryLocation="default" serverId="91c3e632-5405-4287-968e-1de4e715db08">
    <security>
      <passwordFile path="/path/to/a/valid/password.properties" />
    </security>
  </server>
</cruise>

with a build without this change, and with a build with this change. Accessing: http://localhost:8153/go in an incognito window will show jsessionid in the URL in the older builds, and won't in this.

@arvindsv
Copy link
Member

arvindsv commented Jun 9, 2015

I don't think this needs any new functional tests, or changes to existing ones.

@ketan
Copy link
Member

ketan commented Jun 10, 2015

Verified, works on 15.2.0(2055-c3c306dc03a122). Please close this issue out.

@jyotisingh jyotisingh deleted the disable_session_tracking_through_url branch July 16, 2015 04:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Release 15.2

Development

Successfully merging this pull request may close these issues.

4 participants

@jyotisingh @arvindsv @ketan @zabil