I have issues with multiple decisions all around that same topic that never got community consensus. Changes to cookies, HTTP redirects, authentication, and other commits that did not get a proper review from the community. Such major design decisions need proper review IMO.

On Fri, Mar 23, 2018 at 11:38 AM, Jacques Le Roux <[email protected]> wrote:
> On 23/03/2018 at 09:33, Jacques Le Roux wrote:
>>
>> On 23/03/2018 at 09:21, Jacopo Cappellato wrote:
>>>
>>> On Fri, Mar 23, 2018 at 8:36 AM, Jacques Le Roux <[email protected]> wrote:
>>>
>>>> Did you try what I said?
>>>>
>>>> You can easily check by svn updating to r1819133 and removing the
>>>> wrapper in ContextFilter.java.
>>>>
>>>> Maybe we need to revert Tomcat SSO then?
>>>
>>> A thorough review of that feature has actually been on my todo list for
>>> some time, after I noticed some potential design issues.
>>>
>>> Jacopo
>>>
>> Thanks Jacopo,
>>
>> I'll also review ASAP since I seconded this feature.
>>
>> Jacques
>>
> BTW, forgot to say but the proposed feature at OFBIZ-10307 could also be
> used locally (dropping the CORS part).
> I tested it initially before crossing CORS (pun intended) and it works
> perfectly. It's safe because, like JSESSION, it's built upon safe AutoLogin
> cookies.
> So we could use it instead of ExternalLoginKey or TomcatSSO. I did not test
> in a cluster environment though...
>
> Anyway, just saying for now.
>
> Jacques
>
