[
https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16740169#comment-16740169
]
Jacques Le Roux edited comment on OFBIZ-10666 at 1/11/19 2:36 PM:
------------------------------------------------------------------
As per the discussion above, if the user does logout intentionally, then the
autoLogin cookie should not be used otherwise it should be used. But autoLogin
cookie is not getting used in any of the cases. Consider the below code snippet
from LoginWorker.getAutoUserLoginId() method:
{code:java}
if (cookie.getName().equals(getAutoLoginCookieName(request)) &&
cookie.getMaxAge() > 0) {
autoUserLoginId = cookie.getValue();
break;
}
{code}
In the above condition the cookie.getMaxAge(0) function is not working as
expexted because getMaxAge() method is not a reliable one and returns -1 in
most of the cases.
Please refer to the following links for more information:
[In Java servlet, cookie.getMaxAge() always returns
-1|https://stackoverflow.com/questions/14391749/in-java-servlet-cookie-getmaxage-always-returns-1]
[What do browsers do with expired
cookies?|https://superuser.com/questions/356265/what-do-browsers-do-with-expired-cookies]
If a cookie has expired, the browser does not send that particular cookie to
the server with the page request; instead, the expired cookie is deleted.
was (Author: deepak.nigam):
As per the discussion above, if the user does logout intentionally, then the
autoLogin cookie should not be used otherwise it should be used. But autoLogin
cookie is not getting used in any of the cases. Consider the below code snippet
from LoginWorker.getAutoUserLoginId() method:
if (cookie.getName().equals(getAutoLoginCookieName(request)) &&
cookie.getMaxAge() > 0) {
autoUserLoginId = cookie.getValue();
break;
}
In the above condition the cookie.getMaxAge(0) function is not working as
expexted because getMaxAge() method is not a reliable one and returns -1 in
most of the cases.
Please refer to the following links for more information:
[In Java servlet, cookie.getMaxAge() always returns
-1|https://stackoverflow.com/questions/14391749/in-java-servlet-cookie-getmaxage-always-returns-1]
[What do browsers do with expired
cookies?|https://superuser.com/questions/356265/what-do-browsers-do-with-expired-cookies]
If a cookie has expired, the browser does not send that particular cookie to
the server with the page request; instead, the expired cookie is deleted.
> User's name is displayed on ecommerce even after user logs out
> --------------------------------------------------------------
>
> Key: OFBIZ-10666
> URL: https://issues.apache.org/jira/browse/OFBIZ-10666
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
> Affects Versions: Trunk
> Reporter: Arpit Mor
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 17.12.01, 16.11.06
>
> Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png,
> 4-NotYou.png, OFBIZ-10666.patch
>
>
> Steps to regenerate:
> # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main].
> Welcome is displayed and user's name is not displayed when URL is opened.
> (Please refer attachment: 1-OpenURL)
> # Login at ecommerce by clicking on login and entering Username: "admin" and
> Password: "ofbiz". Username will be displayed after user logs in. (Please
> refer attachment: 2-LoggedIn)
> # Logout of ecommerce by clicking on logout. User will be logged out and
> login link will be displayed in place of logout link, but the name of user is
> still displayed. (Please refer attachment: 3-LoggedOut)
> Actual: Username is still displayed after user logs out
>
> Expected: Username should not be displayed after the user logs out
>
> Note: Similar issue also exists when the user clicks on (Not You? Click Here)
> link. (Please refer attachment: 4-NotYou)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
