Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1354061 - Secure cookie for GEARUID while keeping session affinity
Summary: Secure cookie for GEARUID while keeping session affinity
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 2.2.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Abhishek Gupta
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-08 22:11 UTC by Ryan Howe
Modified: 2016-09-07 19:09 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-07 19:09:26 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Ryan Howe 2016-07-08 22:11:25 UTC
Looking to set GEARID as secure in response header and remove while it is sent to backend instance, while still keeping session affinity.


https://github.com/openshift/origin-server/blob/master/cartridges/openshift-origin-cartridge-haproxy/usr/bin/update-cluster#L76

https://cbonte.github.io/haproxy-dconv/configuration-1.4.html#4-cookie
   - Note the secure option. 



    1. Proposed title of this feature request  
         Secure cookie for GEARUID 
      
    2. Who is the customer behind the request?  
    Account: Cisco 	5255846
      
    TAM customer: no  
    SRM customer: yes  
    Strategic: yes  
      
    3. What is the nature and description of the request?  

Configure GEARID as secure in response header and remove while it is sent to backend instance, with out hitting session affinity issues. 
      
    4. Why does the customer need this? (List the business requirements here)  
Infosec security compliance       

    5. How would the customer like to achieve this? (List the functional requirements here)  
Making the necessary changes to haproxy's template
      
    8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? 
- Before EOL

Comment 10 Kurt Seifried 2016-09-07 19:09:26 UTC
As per IRC closing WONTFIX since this is out of scope for support and blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1092005


Note You need to log in before you can comment on or make changes to this bug.