[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741530#comment-16741530 ]
Jacques Le Roux commented on OFBIZ-10666: ----------------------------------------- Actually we need more than that, and it's still not enough. According to [https://www.google.com/search?q=java+get+rid+of+a+cookie&ie=UTF-8] , we need: {noformat} Index: framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java =================================================================== --- framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (revision 1851194) +++ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (working copy) @@ -975,8 +975,7 @@ } if (cookies != null) { for (Cookie cookie: cookies) { - if (cookie.getName().equals(getAutoLoginCookieName(request)) - && cookie.getMaxAge() > 0) { + if (cookie.getName().equals(getAutoLoginCookieName(request))) { autoUserLoginId = cookie.getValue(); break; } @@ -1012,7 +1011,6 @@ if (autoUserLogin != null){ return "success"; } - return autoLoginCheck(delegator, session, getAutoUserLoginId(request)); } @@ -1052,7 +1050,7 @@ // remove the cookie if (userLogin != null) { - Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId")); + Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), ""); autoLoginCookie.setMaxAge(0); autoLoginCookie.setPath("/"); response.addCookie(autoLoginCookie); {noformat} But then we still have an issue with {noformat} private static String autoLoginCheck(Delegator delegator, HttpSession session, String autoUserLoginId) { [...] if (person != null) { session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName")); } else if (group != null) { session.setAttribute("autoName", group.getString("groupName")); } {noformat} Which systematically resurrects autoName. I begin to wonder if we should not rewrite the whole and use rather another not cookie based strategy like exposed at [https://stackoverflow.com/questions/2185951/how-do-i-keep-a-user-logged-into-my-site-for-months] (1st answer, Java 8). It's a bit early to tell, but I already spent a lot of time with this... BTW we have 2 other occurences of {{setMaxAge(0)}} and only one use the right strategy (using null instead of an empty String, I guess both work). > User's name is displayed on ecommerce even after user logs out > -------------------------------------------------------------- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce > Affects Versions: Trunk > Reporter: Arpit Mor > Assignee: Jacques Le Roux > Priority: Major > Fix For: 17.12.01, 16.11.06 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)