Done with OFBIZ-10635
Thanks for spotting it
Jacques
Le 07/01/2019 à 21:03, Jacques Le Roux a écrit :
Hi Michael,
You are right, I missed that. Fortunately it's an easy fix.
I'll create a Jira and will commit the fix soon.
Jacques
Le 07/01/2019 à 17:26, Michael Brohl a écrit :
Hi Jacques,
inline...
Am 02.11.18 um 10:46 schrieb jler...@apache.org:
+ // Set an autologin cookie for the webapp if it requests it
public static String autoLoginSet(HttpServletRequest request,
HttpServletResponse response) {
Delegator delegator = (Delegator) request.getAttribute("delegator");
HttpSession session = request.getSession();
GenericValue userLogin = (GenericValue)
session.getAttribute("userLogin");
- String domain = EntityUtilProperties.getPropertyValue("url",
"cookie.domain", delegator);
- if (userLogin != null) {
+ WebappInfo webappInfo =
ComponentConfig.getWebappInfo("default-server",
UtilHttp.getApplicationName(request));
This looks like it only works for webapps of the "default-server". This name is configurable in the ofbiz-component.xml and and should not be
hard-coded in the code.
Am I right or do I miss something?
Regards,
Michael
+
+ if (userLogin != null && webappInfo != null &&
webappInfo.isAutologinCookieUsed()) {
Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request),
userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
- autoLoginCookie.setDomain(domain);
- autoLoginCookie.setPath("/");
+ autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url",
"cookie.domain", delegator));
+ autoLoginCookie.setPath("/" +
UtilHttp.getApplicationName(request));
autoLoginCookie.setSecure(true);
autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
-
+
return autoLoginCheck(delegator, session,
userLogin.getString("userLoginId"));
} else {
return "success";
}
}
