Hi Michael,

You are right, I missed that. Fortunately it's an easy fix.

I'll create a Jira and will commit the fix soon.

Jacques

Le 07/01/2019 à 17:26, Michael Brohl a écrit :
Hi Jacques,

inline...

Am 02.11.18 um 10:46 schrieb jler...@apache.org:
+    // Set an autologin cookie for the webapp if it requests it
      public static String autoLoginSet(HttpServletRequest request, 
HttpServletResponse response) {
          Delegator delegator = (Delegator) request.getAttribute("delegator");
          HttpSession session = request.getSession();
          GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
-        String domain = EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator);
-        if (userLogin != null) {
+        WebappInfo webappInfo = 
ComponentConfig.getWebappInfo("default-server", 
UtilHttp.getApplicationName(request));


This looks like it only works for webapps of the "default-server". This name is configurable in the ofbiz-component.xml and and should not be hard-coded in the code.

Am I right or do I miss something?

Regards,

Michael


+
+        if (userLogin != null && webappInfo != null && 
webappInfo.isAutologinCookieUsed()) {
              Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), 
userLogin.getString("userLoginId"));
              autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
-            autoLoginCookie.setDomain(domain);
-            autoLoginCookie.setPath("/");
+ autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator));
+            autoLoginCookie.setPath("/" + 
UtilHttp.getApplicationName(request));
              autoLoginCookie.setSecure(true);
              autoLoginCookie.setHttpOnly(true);
              response.addCookie(autoLoginCookie);
-
+
              return autoLoginCheck(delegator, session, 
userLogin.getString("userLoginId"));
          } else {
              return "success";
          }
      }

Reply via email to