[ofbiz-framework] branch trunk updated: Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ofbiz-framework] branch trunk updated: Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)

mbrohl
This is an automated email from the ASF dual-hosted git repository.

mbrohl pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ffcd8f3  Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)
ffcd8f3 is described below

commit ffcd8f34fc39db979e4ba6ec455b4dc165276632
Author: Ingo Könemann <[hidden email]>
AuthorDate: Wed Feb 3 09:19:12 2021 +0100

    Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication
    pages (OFBIZ-12047)
   
    Added removal of the _PREVIOUS_REQUEST_ attribute when requesting
    non-authenticated sites and moved targetRequestUri handling to a
    accommodate this change
---
 .../apache/ofbiz/webapp/control/RequestHandler.java    | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 3bf5632..6b2c08a 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -383,13 +383,6 @@ public final class RequestHandler {
 
         // Grab data from request object to process
         String defaultRequestUri = RequestHandler.getRequestUri(request.getPathInfo());
-        if (request.getAttribute("targetRequestUri") == null) {
-            if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
-                request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
-            } else {
-                request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
-            }
-        }
 
         String requestMissingErrorMessage = "Unknown request ["
                 + defaultRequestUri
@@ -636,6 +629,17 @@ public final class RequestHandler {
                     requestMap = ccfg.getRequestMapMap().get("ajaxCheckLogin");
                 }
             }
+        } else {
+            // Remove previous request attribute on navigation to non-authenticated request
+            request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+        }
+
+        if (request.getAttribute("targetRequestUri") == null) {
+            if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
+                request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
+            } else {
+                request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
+            }
         }
 
         // after security check but before running the event, see if a post-login redirect has completed and we have data from the pre-login