Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-2735 Integrate WebEngine in 5.2 EP
  3. NXP-2818

Allow stateless requests when authentication scheme allows it

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.2 M3
    • Component/s: Web Common

      Description

      Current behavior of WebEngine is (as JSF WebApp) stateful.
      This means a Http Session is created :

      • to store the CoreSession
      • to cache JAAS authentication

      This behavior can lead to leaking CoreSession if the client does not supports cookie. This can be the case when WebEngine is accessed via BasicAuthentication au AnonymousPlugin.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: