Bug 1521012
| Summary: | [GSS](6.4.z) default-session-timeout doesn't apply to apps containing session-config | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Aaron Ogburn <aogburn> | ||||
| Component: | Web | Assignee: | Aaron Ogburn <aogburn> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Michael Cada <mcada> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.4.18 | CC: | bmaxwell, cdewolf, jondruse, rmaucher | ||||
| Target Milestone: | CR1 | ||||||
| Target Release: | EAP 6.4.20 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| URL: | https://github.com/jbossas/jboss-eap/pull/3069 | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-08-02 07:31:08 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1510090 | ||||||
| Attachments: |
|
||||||
Created attachment 1363253 [details] bz1521012.war Regression tests passed Verified with EAP 6.4.20.CP.CR1 |
Description of problem: The default-session-timeout from the web subsystem does not apply to applications that contain a <session-config> in their web.xml (even if no session timeout is set in the web.xml). The presence of the <session-config> results in the app having a SessionConfigMetaData with a default session timeout of 30 minutes that overrides the default-session-timeout set in the web subsystem. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Set a default-session-timeout: <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false" default-session-timeout="15"> 2. Deploy an app with the following in its web.xml (for example, the attached war): <session-config> <cookie-config> <http-only>true</http-only> </cookie-config> </session-config> 3. Check that the session timeout is 30 minutes instead of 15 (easily done by requesting the attached app's index.jsp) Actual results: default-session-timeout does not apply Expected results: default-session-timeout does apply Additional info: Note that default-session-timeout does apply in this case on EAP 7