Fix inconsistency between CHF and Servlet API cookie handling. #22

WrenSecurity / wrensec-commons

Community fork of ForgeRock Commons, which contains common utility code used by multiple products originally developed by ForgeRock.

http://wrensecurity.org

0 stars 10 forks source link

Fix inconsistency between CHF and Servlet API cookie handling. #22 #23

Closed pavelhoral closed 3 years ago

pavelhoral commented 3 years ago

This should be backported to sustaining/22.0.x after merging to master.

pavelhoral commented 3 years ago

Changed the behaviour back to servlet and grizzly style (i.e. max-age is either negative for session, zero to actually delete the cookie and positive for a standard expiration). So CHF is the odd one out, but that is OK. I left all the excessive unit tests in there :).

pavelhoral commented 3 years ago

SemaphoreCI is spreading fake news :) - the build is OK. Not sure what happened there.