[jira] [Commented] (OFBIZ-10666) User's name is displayed on ecommerce even after user logs out

    [ https://issues.apache.org/jira/browse/OFBIZ-10666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741530#comment-16741530 ]

Jacques Le Roux commented on OFBIZ-10666:
-----------------------------------------

Actually we need more than that, and it's still not enough. According to [https://www.google.com/search?q=java+get+rid+of+a+cookie&ie=UTF-8] , we need:
{noformat}
Index: framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
===================================================================
--- framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (revision 1851194)
+++ framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (working copy)
@@ -975,8 +975,7 @@
         }
         if (cookies != null) {
             for (Cookie cookie: cookies) {
-                if (cookie.getName().equals(getAutoLoginCookieName(request))
-                        && cookie.getMaxAge() > 0) {
+                if (cookie.getName().equals(getAutoLoginCookieName(request))) {
                     autoUserLoginId = cookie.getValue();
                     break;
                 }
@@ -1012,7 +1011,6 @@
         if (autoUserLogin != null){
             return "success";
         }
-
         return autoLoginCheck(delegator, session, getAutoUserLoginId(request));
     }
 
@@ -1052,7 +1050,7 @@
 
         // remove the cookie
         if (userLogin != null) {
-            Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
+            Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), "");
             autoLoginCookie.setMaxAge(0);
             autoLoginCookie.setPath("/");
             response.addCookie(autoLoginCookie);
 {noformat}
But then we still have an issue with
{noformat}
private static String autoLoginCheck(Delegator delegator, HttpSession session, String autoUserLoginId) {
[...]
                if (person != null) {
                    session.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName"));
                } else if (group != null) {
                    session.setAttribute("autoName", group.getString("groupName"));
                }

 {noformat}
Which systematically resurrects autoName. I begin to wonder if we should not rewrite the whole and use rather another not cookie based strategy like exposed at [https://stackoverflow.com/questions/2185951/how-do-i-keep-a-user-logged-into-my-site-for-months] (1st answer, Java 8).

It's a bit early to tell, but I already spent a lot of time with this...

BTW we have 2 other occurences of {{setMaxAge(0)}} and only one use the right strategy (using null instead of an empty String, I guess both work).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)