Le 23/03/2018 à 09:33, Jacques Le Roux a écrit :
Le 23/03/2018 à 09:21, Jacopo Cappellato a écrit :
On Fri, Mar 23, 2018 at 8:36 AM, Jacques Le Roux <
[email protected]> wrote:
Did you try what I said?
You can easily check by svn updating to r1819133 and removing the wrapper
in ContextFilter.java.
Maybe we need to revert Tomcat SSO then?
A thorough review of that feature is actually on my todo list since some
time, after I have noticed some potential design issues.
Jacopo
Thanks Jacopo,
I'll also review ASAP since I seconded this feature
Jacques
BTW, forgot to say but the proposed feature at OFBIZ-10307 could be also used
locally (dropping the CORS part).
I tested it initially before crossing CORS (pun intended) and it works perfectly. It's safe because, like JSESSION, it's build upon safe AutoLogin
cookies
So we could use it instead of ExternalLoginKey or TomcatSSO. I did not test in
a cluster environment though...
Anyway just saying for now.
Jacques
