SP 2.5 cookieProps
Cantor, Scott
cantor.2 at osu.edu
Wed Aug 8 15:44:51 EDT 2012
On 8/8/12 3:36 PM, "Tom Poage" <tfpoage at ucdavis.edu> wrote:
>
>I'd like a little clarification on configuration inheritance in
><ApplicationOverride> with SP 2.5
It's the same as before. Once you override the Sessions element, all of
the attributes in that element take their default values, they aren't
inherited. It's a functional limitation of the configuration code.
>I expected cookieProps to be inherited, or at least that's how I read
>some of the docs.
>
>https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions
>
>What does <Sessions> within an <ApplicationOverride> inherit? I don't
>recall noticing the warning previously.
It doesn't inherit anything *unless* you don't have the element at all,
because then the request for the "Sessions" property set falls back to the
parent application container. I thought that was stated somewhere, but it
should be clearer on that page.
The warning itself is new, part of a set of warnings for any settings that
are not set to SSL use only, as suggested by Nate and others on the dev
list, to encourage stronger settings.
-- Scott
More information about the users
mailing list