[jira] [Comment Edited] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741530#comment-16741530 ]

Jacques Le Roux edited comment on OFBIZ-10666 at 1/13/19 11:41 AM:
-------------------------------------------------------------------

Actually we need more than that, and it's still not enough. According to [https://www.google.com/search?q=java+get+rid+of+a+cookie&ie=UTF-8] , we need:
{noformat}
Index: framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
===================================================================
--- framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (revision 1851194)
+++ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (working copy)
@@ -975,8 +975,7 @@
         }
         if (cookies != null) {
             for (Cookie cookie: cookies) {
-                if (cookie.getName().equals(getAutoLoginCookieName(request))
-                        && cookie.getMaxAge() > 0) {
+                if (cookie.getName().equals(getAutoLoginCookieName(request))) {
                     autoUserLoginId = cookie.getValue();
                     break;
                 }
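Review bot: with the getMaxAge() > 0 test removed, the line autoUserLoginId = cookie.getValue(); takes whatever value the auto-login cookie carries, including the empty string that the logout hunk of this same patch now writes. Add a non-empty check on cookie.getValue() before assigning and breaking out of the loop, so a cleared but still-present cookie is never passed on to autoLoginCheck as a user login id. A one-line comment saying why the max-age test was dropped would also help the next reader.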
@@ -1012,7 +1011,6 @@
         if (autoUserLogin != null){
             return "success";
         }
-
         return autoLoginCheck(delegator, session, getAutoUserLoginId(request));
     }
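Review bot: the only change in this hunk is the removal of the blank line before return autoLoginCheck(...), which is unrelated to the logout fix. Leave it out of the patch so the diff shows only the behavioural changes.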

@@ -1052,7 +1050,7 @@

         // remove the cookie
         if (userLogin != null) {
-            Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
+            Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), "");
             autoLoginCookie.setMaxAge(0);
             autoLoginCookie.setPath("/");
             response.addCookie(autoLoginCookie);
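Review bot: now that the cookie value is "" instead of userLogin.getString("userLoginId"), these four lines no longer need userLogin, yet they still sit inside if (userLogin != null), so the auto-login cookie is left in place whenever userLogin is null. Consider clearing the cookie outside that guard. The browser also only replaces the original cookie if the name and path match the ones used when it was set, so check the hard-coded setPath("/") against the code that creates the cookie, and consider one shared helper for this and the other setMaxAge(0) call sites so they all clear cookies the same way.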
 {noformat}
But then we still have an issue with
{noformat}
private static String autoLoginCheck(Delegator delegator, HttpSession session, String autoUserLoginId) {
[...]
                if (person != null) {
                    session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName"));
                } else if (group != null) {
                    session.setAttribute("autoName", group.getString("groupName"));
                }

 {noformat}
Which systematically resurrects autoName.


BTW we have 2 other occurrences of {{setMaxAge(0)}} and only one uses the right strategy (using null instead of an empty String, I guess both work).


was (Author: jacques.le.roux):
Actually we need more than that, and it's still not enough. According to [https://www.google.com/search?q=java+get+rid+of+a+cookie&ie=UTF-8] , we need:
{noformat}
Index: framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
===================================================================
--- framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (revision 1851194)
+++ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (working copy)
@@ -975,8 +975,7 @@
         }
         if (cookies != null) {
             for (Cookie cookie: cookies) {
-                if (cookie.getName().equals(getAutoLoginCookieName(request))
-                        && cookie.getMaxAge() > 0) {
+                if (cookie.getName().equals(getAutoLoginCookieName(request))) {
                     autoUserLoginId = cookie.getValue();
                     break;
                 }
@@ -1012,7 +1011,6 @@
         if (autoUserLogin != null){
             return "success";
         }
-
         return autoLoginCheck(delegator, session, getAutoUserLoginId(request));
     }
 
@@ -1052,7 +1050,7 @@
 
         // remove the cookie
         if (userLogin != null) {
-            Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
+            Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), "");
             autoLoginCookie.setMaxAge(0);
             autoLoginCookie.setPath("/");
             response.addCookie(autoLoginCookie);
 {noformat}
But then we still have an issue with
{noformat}
private static String autoLoginCheck(Delegator delegator, HttpSession session, String autoUserLoginId) {
[...]
                if (person != null) {
                    session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName"));
                } else if (group != null) {
                    session.setAttribute("autoName", group.getString("groupName"));
                }

 {noformat}
Which systematically resurrects autoName. I begin to wonder if we should not rewrite the whole thing and rather use another, non-cookie-based strategy like the one exposed at [https://stackoverflow.com/questions/2185951/how-do-i-keep-a-user-logged-into-my-site-for-months] (1st answer, Java 8).

It's a bit early to tell, but I already spent a lot of time with this...

BTW we have 2 other occurrences of {{setMaxAge(0)}} and only one uses the right strategy (using null instead of an empty String, I guess both work).

> User's name is displayed on ecommerce even after user logs out
> --------------------------------------------------------------
>
>                 Key: OFBIZ-10666
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10666
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: Trunk
>            Reporter: Arpit Mor
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 17.12.01, 16.11.06
>
>         Attachments: 1-OpenURL.png, 2-LoggedIn.png, 3-LoggedOut.png, 4-NotYou.png, OFBIZ-10666.patch
>
>
> Steps to regenerate:
>  # Open URL: [https://demo-trunk.ofbiz.apache.org/ecommerce/control/main]. Welcome is displayed and user's name is not displayed when URL is opened. (Please refer attachment: 1-OpenURL)
>  # Login at ecommerce by clicking on login and entering Username: "admin" and Password: "ofbiz". Username will be displayed after user logs in. (Please refer attachment: 2-LoggedIn)
>  # Logout of ecommerce by clicking on logout. User will be logged out and login link will be displayed in place of logout link, but the name of user is still displayed. (Please refer attachment: 3-LoggedOut)
> Actual: Username is still displayed after user logs out
>  
> Expected: Username should not be displayed after the user logs out
>  
> Note: Similar issue also exists when the user clicks on (Not You? Click Here) link. (Please refer attachment: 4-NotYou)


