[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16743745#comment-16743745 ] Jacques Le Roux commented on OFBIZ-10666: - Yes, it's more about logout, but I guess you got the idea :) > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Fix For: 17.12.01, 16.11.06, 18.12.01 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch, OFBiz-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16743633#comment-16743633 ] Deepak Nigam commented on OFBIZ-10666: -- Thanks for sharing "[the Onion parody|https://www.theonion.com/after-checking-your-bank-account-remember-to-log-out-1819584860]";. It is quite interesting, however difficult to grasp in first few readings. ;) > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Fix For: 17.12.01, 16.11.06, 18.12.01 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch, OFBiz-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741938#comment-16741938 ] Jacques Le Roux commented on OFBIZ-10666: - BTW Deepak, if you did not read it already, I think you should better appreciate [the Onion parody|https://www.theonion.com/after-checking-your-bank-account-remember-to-log-out-1819584860] I linked to above. It takes little experiences with cookies, login, logout and SSO to really appreciate it. The more I work on these subjects the more I understand why they wrote it ;) > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Fix For: 17.12.01, 16.11.06 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch, OFBiz-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741879#comment-16741879 ] Deepak Nigam commented on OFBIZ-10666: -- It seems that the actual problem is not 'autoName' (at least for this particular issue). On further investigation, I found that cookie path and domain are different in the methods of creating the auto-login cookie i.e. LoginWorker.autoLoginSet() and removing the auto-login cookie i.e. LoginWorker.autoLoginRemove(). After following changes the issue seems to be fixed: 1. Removed getMaxAge() check from the condition used in LoginWorker.getAutoUserLoginId() method. 2. Corrected the path and domain in the method LoginWorker.autoLoginRemove(). Please find the attached patch for reference and commit. > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Fix For: 17.12.01, 16.11.06 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741784#comment-16741784 ] Jacques Le Roux commented on OFBIZ-10666: - Yes the problem is autoName, will see later... > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Fix For: 17.12.01, 16.11.06 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741761#comment-16741761 ] Deepak Nigam commented on OFBIZ-10666: -- Thanks for the detailed research [~jacques.le.roux]. I have already tried by removing getMaxAge() from LoginWorker.getAutoUserLoginId() and setMaxAge(0). Even after setting the max age 0 I was getting the auto-login cookie from the cookies array inside LoginWorker.getAutoUserLoginId() method. It means the above statement "If a cookie has expired, the browser does not send that particular cookie to the server with the page request; instead, the expired cookie is deleted." is not 100% correct. So, if we remove the getMaxAge() check from the condition, then the issue reported in this ticket will come again. > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Fix For: 17.12.01, 16.11.06 > > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[
https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741530#comment-16741530
]
Jacques Le Roux commented on OFBIZ-10666:
-
Actually we need more than that, and it's still not enough. According to
[https://www.google.com/search?q=java+get+rid+of+a+cookie&ie=UTF-8] , we need:
{noformat}
Index:
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
===
---
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
(revision 1851194)
+++
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
(working copy)
@@ -975,8 +975,7 @@
}
if (cookies != null) {
for (Cookie cookie: cookies) {
-if (cookie.getName().equals(getAutoLoginCookieName(request))
-&& cookie.getMaxAge() > 0) {
+if (cookie.getName().equals(getAutoLoginCookieName(request))) {
autoUserLoginId = cookie.getValue();
break;
}
@@ -1012,7 +1011,6 @@
if (autoUserLogin != null){
return "success";
}
-
return autoLoginCheck(delegator, session, getAutoUserLoginId(request));
}
@@ -1052,7 +1050,7 @@
// remove the cookie
if (userLogin != null) {
-Cookie autoLoginCookie = new
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
+Cookie autoLoginCookie = new
Cookie(getAutoLoginCookieName(request), "");
autoLoginCookie.setMaxAge(0);
autoLoginCookie.setPath("/");
response.addCookie(autoLoginCookie);
{noformat}
But then we still have an issue with
{noformat}
private static String autoLoginCheck(Delegator delegator, HttpSession session,
String autoUserLoginId) {
[...]
if (person != null) {
session.setAttribute("autoName",
person.getString("firstName") + " " + person.getString("lastName"));
} else if (group != null) {
session.setAttribute("autoName",
group.getString("groupName"));
}
{noformat}
Which systematically resurrects autoName. I begin to wonder if we should not
rewrite the whole and use rather another not cookie based strategy like exposed
at
[https://stackoverflow.com/questions/2185951/how-do-i-keep-a-user-logged-into-my-site-for-months]
(1st answer, Java 8).
It's a bit early to tell, but I already spent a lot of time with this...
BTW we have 2 other occurences of {{setMaxAge(0)}} and only one use the right
strategy (using null instead of an empty String, I guess both work).
> User's name is displayed on ecommerce even after user logs out
> --
>
> Key: OFBIZ-10666
> URL: https://issues.apache.org/jira/browse/OFBIZ-10666
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
>Affects Versions: Trunk
>Reporter: Arpit Mor
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: 17.12.01, 16.11.06
>
> Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png,
> 4-NotYou.png, OFBIZ-10666.patch
>
>
> Steps to regenerate:
> # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main].
> Welcome is displayed and user's name is not displayed when URL is opened.
> (Please refer attachment: 1-OpenURL)
> # Login at ecommerce by clicking on login and entering Username: "admin" and
> Password: "ofbiz". Username will be displayed after user logs in. (Please
> refer attachment: 2-LoggedIn)
> # Logout of ecommerce by clicking on logout. User will be logged out and
> login link will be displayed in place of logout link, but the name of user is
> still displayed. (Please refer attachment: 3-LoggedOut)
> Actual: Username is still displayed after user logs out
>
> Expected: Username should not be displayed after the user logs out
>
> Note: Similar issue also exists when the user clicks on (Not You? Click Here)
> link. (Please refer attachment: 4-NotYou)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[
https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741278#comment-16741278
]
Jacques Le Roux commented on OFBIZ-10666:
-
Thanks Deepak,
Got it w/ your 1st link, it's troublesome. The Javadoc is really not well done
and should speak about this aspect rather than simply telling us
{quote}
Gets the maximum age in seconds of this Cookie.
By default, -1 is returned, which indicates that the cookie will persist until
browser shutdown.
Returns:an integer specifying the maximum age of the cookie in seconds; if
negative, means the cookie persists until browser shutdown
{quote}
misleading!
Anyway, because if the cookie is still valid we will get its name, I think we
are good to remove getMaxAge as in the patch below
{code}
Index:
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
===
---
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
(révision 1851160)
+++
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
(copie de travail)
@@ -975,8 +975,7 @@
}
if (cookies != null) {
for (Cookie cookie: cookies) {
-if (cookie.getName().equals(getAutoLoginCookieName(request))
-&& cookie.getMaxAge() > 0) {
+if (cookie.getName().equals(getAutoLoginCookieName(request))) {
autoUserLoginId = cookie.getValue();
break;
}
{code}
I'll commit soon.
This said it's also used in CrossSubdomainSessionValve::replaceCookie, not sure
it's an issue or not there.
> User's name is displayed on ecommerce even after user logs out
> --
>
> Key: OFBIZ-10666
> URL: https://issues.apache.org/jira/browse/OFBIZ-10666
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
>Affects Versions: Trunk
>Reporter: Arpit Mor
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: 17.12.01, 16.11.06
>
> Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png,
> 4-NotYou.png, OFBIZ-10666.patch
>
>
> Steps to regenerate:
> # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main].
> Welcome is displayed and user's name is not displayed when URL is opened.
> (Please refer attachment: 1-OpenURL)
> # Login at ecommerce by clicking on login and entering Username: "admin" and
> Password: "ofbiz". Username will be displayed after user logs in. (Please
> refer attachment: 2-LoggedIn)
> # Logout of ecommerce by clicking on logout. User will be logged out and
> login link will be displayed in place of logout link, but the name of user is
> still displayed. (Please refer attachment: 3-LoggedOut)
> Actual: Username is still displayed after user logs out
>
> Expected: Username should not be displayed after the user logs out
>
> Note: Similar issue also exists when the user clicks on (Not You? Click Here)
> link. (Please refer attachment: 4-NotYou)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712560#comment-16712560 ] Jacques Le Roux commented on OFBIZ-10666: - Thanks Deepak, I'll commit soon. > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712352#comment-16712352 ] Deepak Dixit commented on OFBIZ-10666: -- Thanks Jacques for detail description, I agree autoLogin should be removed if a user does log out. Also if the system using autoLogin then also if he wants to access profile or some other information he needs to login again. Also if the visit tracking is disabled then the system does not run the first visit event, so its good to have autoLoginCheck on preprocessor. > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png, OFBIZ-10666.patch > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[
https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16711497#comment-16711497
]
Jacques Le Roux commented on OFBIZ-10666:
-
Yes and it's based on the autologin cookie and that's where things get
complicated.
I cleaned the situation with the OFBIZ-4959 and OFBIZ-10635. But browsers
behaviours are different. That's why The Onion wrote [this
parody|https://www.theonion.com/after-checking-your-bank-account-remember-to-log-out-1819584860].
For instance FF is snarky because [it does not delete expired cookies
immediately even if you close
FF|https://support.mozilla.org/fr/questions/983361]. So when you quickly look
at them in the browser they are still there with a date :/. So you can't refer
to FF for checking cookie values.
Also there are stil some inconsistencies with current behaviour. So I double
checked that in detail and here are my conclusion.
I did well by setting {{autoLoginCookie.setMaxAge(0);}} in
{{LoginWorker::autoLoginRemove}}. But I missed that the cookie can still be
there after autoLoginRemove (which calls logout, important for the sequel). So
after a logout or an autoLoginRemove, OFBiz consider it's a 1st visit and call
autoLoginRemove which depends on the cookie value ("autoUserLoginId"). And set
the sessionAttributes.autoName again on which the information in header depends.
The autoLogin feature improves the user's experience. During a year if the
user comes back s/he is logged in automatically after her/his last visit.
But if the user is not the right one (for instance several users use the same
machine) or if s/he decided to log out then s/he should not be logged in and
her/his name should not appear on header.
Here is a patch that should conform the behaviour to this "specification",
please check if it's OK with you before I commit. Note that you might encounter
issue if you don't start from a clean state. So better to remove the JSESSIONID
cookie for the ecommerce application before starting.
The idea is to have only one way to logout and autoLoginRemove should be used.
Also not only rely on 1st visit processor to run autoLoginCheck but also on
preprocessor. The later might be controversial but I did not find a better way
to fix the current behaviour.
> User's name is displayed on ecommerce even after user logs out
> --
>
> Key: OFBIZ-10666
> URL: https://issues.apache.org/jira/browse/OFBIZ-10666
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
>Affects Versions: Trunk
>Reporter: Arpit Mor
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png,
> 4-NotYou.png, OFBIZ-10666.patch
>
>
> Steps to regenerate:
> # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main].
> Welcome is displayed and user's name is not displayed when URL is opened.
> (Please refer attachment: 1-OpenURL)
> # Login at ecommerce by clicking on login and entering Username: "admin" and
> Password: "ofbiz". Username will be displayed after user logs in. (Please
> refer attachment: 2-LoggedIn)
> # Logout of ecommerce by clicking on logout. User will be logged out and
> login link will be displayed in place of logout link, but the name of user is
> still displayed. (Please refer attachment: 3-LoggedOut)
> Actual: Username is still displayed after user logs out
>
> Expected: Username should not be displayed after the user logs out
>
> Note: Similar issue also exists when the user clicks on (Not You? Click Here)
> link. (Please refer attachment: 4-NotYou)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16711245#comment-16711245 ] Deepak Dixit commented on OFBIZ-10666: -- This is due to autoLogin feature, it's not a bug instead it's a feature, we can say its soft login or autologin. > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16711208#comment-16711208 ] Arpit Mor commented on OFBIZ-10666: --- Hi Jacques, "Not you" link does not work even when you click on it before logging out. If a user is logged in and he clicks on "Not you" link then the user does get logged out which is working as expected but the issue here is that the name of user is still displayed after the user is logged out by clicking on "Not you" IMO if the issue where the name of the user is displayed after he logs out is resolved then the issue with "Not you" link will also be resolved > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16711163#comment-16711163 ] Jacques Le Roux commented on OFBIZ-10666: - If you click on the "Not you" link before loggin out it works, but not after having clicked on the loggin out link, which does not work. I think I know why and will fix that soon. > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Jacques Le Roux >Priority: Major > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out
[ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16698117#comment-16698117 ] Jacques Le Roux commented on OFBIZ-10666: - This is certainly related to OFBIZ-4959 and OFBIZ-10635. I'll have a look as soon as I get a chance. I'd not be upset if someone fix it before me ;) > User's name is displayed on ecommerce even after user logs out > -- > > Key: OFBIZ-10666 > URL: https://issues.apache.org/jira/browse/OFBIZ-10666 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Affects Versions: Trunk >Reporter: Arpit Mor >Assignee: Garima jain >Priority: Major > Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, > 4-NotYou.png > > > Steps to regenerate: > # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. > Welcome is displayed and user's name is not displayed when URL is opened. > (Please refer attachment: 1-OpenURL) > # Login at ecommerce by clicking on login and entering Username: "admin" and > Password: "ofbiz". Username will be displayed after user logs in. (Please > refer attachment: 2-LoggedIn) > # Logout of ecommerce by clicking on logout. User will be logged out and > login link will be displayed in place of logout link, but the name of user is > still displayed. (Please refer attachment: 3-LoggedOut) > Actual: Username is still displayed after user logs out > > Expected: Username should not be displayed after the user logs out > > Note: Similar issue also exists when the user clicks on (Not You? Click Here) > link. (Please refer attachment: 4-NotYou) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
