Author: deepak
Date: Wed Dec 30 17:00:00 2015
New Revision: 1722379
URL: http://svn.apache.org/viewvc?rev=1722379&view=rev
Log:
(OFBIZ-6655) Reverted r1719762, as the system fails to find the session cookie
for ecommerce. Will debug it in more detail, but for now reverting r1719762 to
fix this issue.
Modified:
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
Modified:
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
---
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
(original)
+++
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
Wed Dec 30 17:00:00 2015
@@ -31,14 +31,14 @@ import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilDateTime;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilValidate;
+import org.ofbiz.webapp.stats.VisitHandler;
+import org.ofbiz.webapp.website.WebSiteWorker;
import org.ofbiz.entity.Delegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.util.EntityQuery;
import org.ofbiz.entity.util.EntityUtilProperties;
import org.ofbiz.product.category.CategoryWorker;
-import org.ofbiz.webapp.stats.VisitHandler;
-import org.ofbiz.webapp.website.WebSiteWorker;
/**
* Events used for maintaining TrackingCode related information
@@ -228,8 +228,6 @@ public class TrackingCodeEvents {
if (trackableLifetime.longValue() > 0)
trackableCookie.setMaxAge(trackableLifetime.intValue());
trackableCookie.setPath("/");
if (cookieDomain.length() > 0)
trackableCookie.setDomain(cookieDomain);
- trackableCookie.setSecure(true);
- trackableCookie.setHttpOnly(true);
response.addCookie(trackableCookie);
}
@@ -240,8 +238,6 @@ public class TrackingCodeEvents {
if (billableLifetime.longValue() > 0)
billableCookie.setMaxAge(billableLifetime.intValue());
billableCookie.setPath("/");
if (cookieDomain.length() > 0)
billableCookie.setDomain(cookieDomain);
- billableCookie.setSecure(true);
- billableCookie.setHttpOnly(true);
response.addCookie(billableCookie);
}
@@ -268,17 +264,13 @@ public class TrackingCodeEvents {
siteIdCookie.setMaxAge(siteIdCookieAge);
siteIdCookie.setPath("/");
if (cookieDomain.length() > 0)
siteIdCookie.setDomain(cookieDomain);
- siteIdCookie.setSecure(true);
- siteIdCookie.setHttpOnly(true);
- response.addCookie(siteIdCookie);
+ response.addCookie(siteIdCookie);
// if trackingCode.siteId is not null write a trackable
cookie with name in the form: Ofbiz.TKCSiteId and timeout will be 60 * 60 * 24
* 365
Cookie updatedTimeStampCookie = new
Cookie("Ofbiz.TKCD.UpdatedTimeStamp" ,UtilDateTime.nowTimestamp().toString());
updatedTimeStampCookie.setMaxAge(siteIdCookieAge);
updatedTimeStampCookie.setPath("/");
if (cookieDomain.length() > 0)
updatedTimeStampCookie.setDomain(cookieDomain);
- updatedTimeStampCookie.setSecure(true);
- updatedTimeStampCookie.setHttpOnly(true);
- response.addCookie(updatedTimeStampCookie);
+ response.addCookie(updatedTimeStampCookie);
}
}
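Review bot: `response.addCookie(siteIdCookie)` and `response.addCookie(updatedTimeStampCookie)` now send cookies with neither Secure nor HttpOnly, although the failure named in the log (session cookie not found) would not be caused by HttpOnly, which only hides a cookie from page scripts and does not change what the browser sends back to the server. Consider keeping `siteIdCookie.setHttpOnly(true);` and making the other flag conditional, e.g. `siteIdCookie.setSecure(request.isSecure());`, assuming the servlet request is in scope here (the method starts outside the hunk) and no page script reads these cookies. The same applies to the other cookie hunks in this revision, most importantly the auto-login cookie in LoginWorker, which carries the userLoginId and is set with a one-year max age.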
Modified:
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
---
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
(original)
+++
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
Wed Dec 30 17:00:00 2015
@@ -669,8 +669,6 @@ public class ShoppingListEvents {
Cookie guestShoppingListCookie = new
Cookie(guestShoppingUserName, autoSaveListId);
guestShoppingListCookie.setMaxAge(cookieAge);
guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
response.addCookie(guestShoppingListCookie);
}
}
@@ -694,8 +692,6 @@ public class ShoppingListEvents {
Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName,
null);
guestShoppingListCookie.setMaxAge(0);
guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
response.addCookie(guestShoppingListCookie);
return "success";
}
Modified:
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
---
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
(original)
+++
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
Wed Dec 30 17:00:00 2015
@@ -430,8 +430,6 @@ public class LoginEvents {
cookie.setMaxAge(60 * 60 * 24 * 365);
cookie.setPath("/");
cookie.setDomain(domain);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
response.addCookie(cookie);
}
}
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
(original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Wed Dec 30 17:00:00 2015
@@ -763,8 +763,6 @@ public class LoginWorker {
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
autoLoginCookie.setDomain(domain);
autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
return autoLoginCheck(delegator, session,
userLogin.getString("userLoginId"));
} else {
@@ -835,8 +833,6 @@ public class LoginWorker {
Cookie autoLoginCookie = new
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(0);
autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
}
// remove the session attributes
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
---
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
(original)
+++
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
Wed Dec 30 17:00:00 2015
@@ -1000,7 +1000,7 @@ public class RequestHandler {
resp.addHeader("strict-transport-security",
strictTransportSecurity);
}
} else {
- if (EntityUtilProperties.getPropertyAsBoolean("requestHandler",
"strict-transport-security", true)) {
+ if (EntityUtilProperties.getPropertyAsBoolean("requestHandler",
"strict-transport-security", true)) { // FIXME later pass
req.getAttribute("delegator") as last argument
resp.addHeader("strict-transport-security", "max-age=31536000;
includeSubDomains");
}
}
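Review bot: The FIXME appended to the `getPropertyAsBoolean("requestHandler", "strict-transport-security", true)` line is unrelated to reverting r1719762 and does not say what goes wrong today; presumably, without the delegator, an entity-stored override of this property is ignored and only the properties file is consulted. I would put it on its own line and state the consequence, e.g. `// FIXME: pass req.getAttribute("delegator") so entity-level overrides of strict-transport-security are honoured`. This branch also still sends HSTS with includeSubDomains while the rest of the revision drops Secure from every cookie, so keeping cookies off plain HTTP now depends on the browser having already received this header over HTTPS. The enclosing method starts and ends outside the hunk.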
@@ -1016,17 +1016,6 @@ public class RequestHandler {
// https://wiki.mozilla.org/Security/Features/XSS_Filter
// https://bugzilla.mozilla.org/show_bug.cgi?id=528661
resp.addHeader("X-XSS-Protection","1; mode=block");
-
- String setCookie = resp.getHeader("set-cookie");
- if (UtilValidate.isNotEmpty(setCookie)) {
- setCookie = setCookie.toLowerCase();
- if (!setCookie.contains("secure")) {
- resp.setHeader("set-cookie", setCookie + "; secure;"); // Adds a
";" trail to be sure to separate things
- }
- if (!setCookie.contains("httponly")) {
- resp.setHeader("set-cookie", setCookie + "; httponly;"); //
Adds a ";" trail to be sure to separate things
- }
- }
try {
if (Debug.verboseOn()) Debug.logVerbose("Rendering view [" +
nextPage + "] of type [" + viewMap.type + "]", module);
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
(original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
Wed Dec 30 17:00:00 2015
@@ -271,8 +271,6 @@ public class VisitHandler {
Cookie visitorCookie = new
Cookie(visitorCookieName, visitor.getString("visitorId"));
visitorCookie.setMaxAge(60 * 60 * 24 * 365);
visitorCookie.setPath("/");
- visitorCookie.setSecure(true);
- visitorCookie.setHttpOnly(true);
response.addCookie(visitorCookie);
}
}