How to remove persistent cookies.
Hi,
According to US federal laws, you are not supposed to put cookies on client machines. Could you tell me how to remove the usage of cookies from Liferay? Is this possible?
Any help is highly appreciated.
Thanks & Regards
Sancho
Following is the detailed error report....
Persistent Cookies
http://10.110.50.26:8080/web/guest/ir
http://10.110.50.26:8080/web/guest/guest
http://10.110.50.26:8080/web/guest/home
Summary: Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets
the application use the cookie to pass information between pages and store variable information. The web
application controls what information is stored in a cookie and how it is used. Typical types of information
stored in cookies are session Identifiers, personalization and customization information, and in rare cases
even usernames to enable automated logins. There are two different types of cookies: session cookies and
persistent cookies. Session cookies only live in the browser's memory, and are not stored anywhere.
Persistent cookies, however, are stored on the browser's hard drive. This can cause security and privacy
issues depending on the information stored in the cookie and how it is accessed.
Execution: All cookies are set by the server via the Set-Cookie HTTP Header. A browser knows to store that cookie as a
persistent cookie when it finds the keyword 'Expires=' followed by a date in the future. If there is no
'Expires=' tag, or if the specified date has already passed, then the browser will keep the cookie in memory
only as a session cookie.
To view the persistent cookie set on this page, view the HTTP response and examine the Set-Cookie
header. You should see the 'Expires=' tag with a future date specified.
Implication: Persistent cookies are stored on the browsing client's hard drive even when that client is no longer browsing
the Web site that set the client. Depending on what information is stored in the cookie, this could lead to
security and privacy violations. The Office of Management and Budget has decreed that no federal websites
shall use persistent cookies except in very specific situations.
Fix: From a coding perspective, the only distinction between a session cookie and a persistent cookie is the
'Expires=' tag that specifies when a persistent cookie should expire. If a cookie has no 'Expires=' tag, then it
is automatically interpreted as a session cookie. Removing the expiration date from the code that sets the
cookie will change it to a session cookie.
Reference: White House Office of Management and Budget:
Memorandum M-00-13 Privacy Policies and Data Collection on Federal Web Sites
Microsoft Knowledgebase Article:
Description of Persistent and Per-Session Cookies in Internet Explorer.
Have you tried setting this in portal-ext.properties?
#
# Set this to false to disable all persistent cookie. Features like
# automatically logging in will not work.
#
session.enable.persistent.cookies=false
Yes this is working.
I had tried this earlier. But I had found it not working. Maybe I tested it wrong.
Thanks a lot.