[ 
https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741530#comment-16741530
 ] 

Jacques Le Roux commented on OFBIZ-10666:
-----------------------------------------

Actually we need more than that, and it's still not enough. According to 
[https://www.google.com/search?q=java+get+rid+of+a+cookie&ie=UTF-8] , we need:
{noformat}
Index: 
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
===================================================================
--- 
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java 
    (revision 1851194)
+++ 
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java 
    (working copy)
@@ -975,8 +975,7 @@
         }
         if (cookies != null) {
             for (Cookie cookie: cookies) {
-                if (cookie.getName().equals(getAutoLoginCookieName(request)) 
-                        && cookie.getMaxAge() > 0) {
+                if (cookie.getName().equals(getAutoLoginCookieName(request))) {
                     autoUserLoginId = cookie.getValue();
                     break;
                 }
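Review bot: The name-only match in the for loop now accepts the auto-login cookie whatever its value, including the empty string that the logout hunk of this same patch writes with new Cookie(getAutoLoginCookieName(request), ""). Skip null or empty values before assigning autoUserLoginId so that a cleared cookie is never treated as a login id, and state in the commit message why the getMaxAge() > 0 test is dropped.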
@@ -1012,7 +1011,6 @@
         if (autoUserLogin != null){
             return "success";
         }
-
         return autoLoginCheck(delegator, session, getAutoUserLoginId(request));
     }
 
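Review bot: The only change in this hunk is the removed blank line before the final return, which is unrelated to the cookie handling. Leave it out so the diff carries only the functional changes.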
@@ -1052,7 +1050,7 @@
 
         // remove the cookie
         if (userLogin != null) {
-            Cookie autoLoginCookie = new 
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
+            Cookie autoLoginCookie = new 
Cookie(getAutoLoginCookieName(request), "");
             autoLoginCookie.setMaxAge(0);
             autoLoginCookie.setPath("/");
             response.addCookie(autoLoginCookie);
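Review bot: The expiring cookie is still built inside if (userLogin != null), although its value no longer comes from userLogin, so when userLogin is null the browser keeps the auto-login cookie. Consider moving the cookie removal out of that guard, and check that the path set here ("/") is the one used when the cookie was created, since a deletion cookie only replaces a cookie with the same name and path.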
 {noformat}
But then we still have an issue with
{noformat}
private static String autoLoginCheck(Delegator delegator, HttpSession session, String autoUserLoginId) {
[...]
                if (person != null) {
                    session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName"));
                } else if (group != null) {
                    session.setAttribute("autoName", group.getString("groupName"));
                }

 {noformat}
Which systematically resurrects autoName. I begin to wonder if we should not 
rewrite the whole thing and rather use another, non-cookie-based strategy like 
the one exposed at 
[https://stackoverflow.com/questions/2185951/how-do-i-keep-a-user-logged-into-my-site-for-months] 
(1st answer, Java 8).

It's a bit early to tell, but I already spent a lot of time with this...

BTW we have 2 other occurrences of {{setMaxAge(0)}} and only one uses the right 
strategy (using null instead of an empty String, I guess both work).

> User's name is displayed on ecommerce even after user logs out
> --------------------------------------------------------------
>
>                 Key: OFBIZ-10666
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10666
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: Trunk
>            Reporter: Arpit Mor
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 17.12.01, 16.11.06
>
>         Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, 
> 4-NotYou.png, OFBIZ-10666.patch
>
>
> Steps to regenerate:
>  # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. 
> Welcome is displayed and user's name is not displayed when URL is opened. 
> (Please refer attachment: 1-OpenURL)
>  # Login at ecommerce by clicking on login and entering Username: "admin" and 
> Password: "ofbiz". Username will be displayed after user logs in. (Please 
> refer attachment: 2-LoggedIn)
>  # Logout of ecommerce by clicking on logout. User will be logged out and 
> login link will be displayed in place of logout link, but the name of user is 
> still displayed. (Please refer attachment: 3-LoggedOut)
> Actual: Username is still displayed after user logs out
>  
> Expected: Username should not be displayed after the user logs out
>  
> Note: Similar issue also exists when the user clicks on (Not You? Click Here) 
> link. (Please refer attachment: 4-NotYou)


