Set cookie expiration age appropriately, fixes SIDP-143
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 Jan 2008 06:37:46 +0000 (06:37 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 Jan 2008 06:37:46 +0000 (06:37 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2602 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index c8e973a..d6470e1 100644 (file)
@@ -455,7 +455,7 @@ public class AuthenticationEngine extends HttpServlet {
         sessionCookie.setSecure(false);
 
         int maxAge = (int) (userSession.getInactivityTimeout() / 1000);
-        sessionCookie.setMaxAge(maxAge);
+        sessionCookie.setMaxAge(-1);
 
         httpResponse.addCookie(sessionCookie);
     }