Closed karelmaxa closed 5 years ago
Commit https://github.com/WrenSecurity/wrensec-commons/commit/5eeab0190613d726cc66037db4374b95fe0cc887 should be reverted because this check of negative value is not valid. Negative value is allowed (see [1]) and some other components use it (see [2]).
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie [2] https://github.com/WrenSecurity/wrensec-commons/blob/master/auth-filters/forgerock-authn-filter/forgerock-jaspi-modules/forgerock-jaspi-jwt-session-module/src/main/java/org/forgerock/jaspi/modules/session/jwt/AbstractJwtSessionModule.java#L571
Merged.
Kortanul
commented
5 years ago Kortanul
commented
5 years ago
Commit https://github.com/WrenSecurity/wrensec-commons/commit/5eeab0190613d726cc66037db4374b95fe0cc887 should be reverted because this check of negative value is not valid. Negative value is allowed (see [1]) and some other components use it (see [2]).
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie [2] https://github.com/WrenSecurity/wrensec-commons/blob/master/auth-filters/forgerock-authn-filter/forgerock-jaspi-modules/forgerock-jaspi-jwt-session-module/src/main/java/org/forgerock/jaspi/modules/session/jwt/AbstractJwtSessionModule.java#L571