[ofbiz-framework] branch release18.12 updated: Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)

mbrohl
This is an automated email from the ASF dual-hosted git repository.

mbrohl pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 0316758  Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)
0316758 is described below

commit 03167586f989e32cf3d039b9c85f321b2886d3c5
Author: Ingo Könemann <[hidden email]>
AuthorDate: Wed Feb 3 09:19:12 2021 +0100

    Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication
    pages (OFBIZ-12047)
   
    Added removal of the _PREVIOUS_REQUEST_ attribute when requesting
    non-authenticated sites and moved targetRequestUri handling to
    accommodate this change
---
 .../apache/ofbiz/webapp/control/RequestHandler.java    | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index fc246d2..e2cc912 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -265,13 +265,6 @@ public class RequestHandler {
 
         // Grab data from request object to process
         String defaultRequestUri = RequestHandler.getRequestUri(request.getPathInfo());
-        if (request.getAttribute("targetRequestUri") == null) {
-            if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
-                request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
-            } else {
-                request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
-            }
-        }
 
         String requestMissingErrorMessage = "Unknown request ["
                 + defaultRequestUri
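
Review bot: Nothing here documents that targetRequestUri is no longer defaulted right after defaultRequestUri is computed. The block is re-added only after the security check (around line 508 in the new file), so any code between these two points that calls request.getAttribute("targetRequestUri") now sees null unless a caller set it beforehand. Please confirm there is no such reader in that range, and leave a short comment at this spot saying the default is applied later and why.
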
@@ -508,6 +501,17 @@ public class RequestHandler {
                     requestMap = ccfg.getRequestMapMap().getFirst("ajaxCheckLogin");
                 }
             }
+        } else {
+            // Remove previous request attribute on navigation to non-authenticated request
+            request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+        }
+
+        if (request.getAttribute("targetRequestUri") == null) {
+            if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
+                request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
+            } else {
+                request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
+            }
         }
 
         // after security check but before running the event, see if a post-login redirect has completed and we have data from the pre-login request form to use now
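
Review bot: The new else branch clears _PREVIOUS_REQUEST_ on every request that does not take the authentication path, and the visible lines do not exclude the login flow's own requests. If the request that renders or submits the login form is itself mapped as not requiring authentication, the saved pre-login target is removed before the block below can copy it into targetRequestUri, and the post-login redirect falls back to "/" + defaultRequestUri. Please confirm which request maps reach this branch and cover that with a test. Two smaller points on the re-added block: read the session attribute once into a local instead of calling getAttribute("_PREVIOUS_REQUEST_") twice, and replace the three "_PREVIOUS_REQUEST_" literals in this hunk with a shared constant so the remove and the read cannot drift apart.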