[GitHub] [cloudstack] rohityadavcloud commented on a diff in pull request #6149: Update SAML2 auth sessionkey cookie path

GitBox Mon, 18 Apr 2022 04:44:43 -0700


rohityadavcloud commented on code in PR #6149:
URL: https://github.com/apache/cloudstack/pull/6149#discussion_r852061458



##########
plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java:
##########
@@ -280,7 +280,7 @@ public static void setupSamlUserCookies(final 
LoginCmdResponse loginResponse, fi
             resp.addCookie(new Cookie("timezone", URLEncoder.encode(timezone, 
HttpUtils.UTF_8)));
         }
         resp.addCookie(new Cookie("userfullname", 
URLEncoder.encode(loginResponse.getFirstName() + " " + 
loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
-        resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly", 
ApiConstants.SESSIONKEY, loginResponse.getSessionKey()));
+        resp.addHeader("SET-COOKIE", 
String.format("%s=%s;HttpOnly;Path=/client/api", ApiConstants.SESSIONKEY, 
loginResponse.getSessionKey()));

Review Comment:
   @kohrar can you check/adapt the same kind of code as in:
   
https://github.com/apache/cloudstack/blob/main/server/src/main/java/com/cloud/api/ApiServlet.java#L224



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [cloudstack] rohityadavcloud commented on a diff in pull request #6149: Update SAML2 auth sessionkey cookie path

Reply via email to