Author: jleroux
Date: Thu May 31 09:27:32 2018
New Revision: 1832591
URL:
http://svn.apache.org/viewvc?rev=1832591&view=revLog:
Improved: Add session tracking mode and make cookie secure
(OFBIZ-6655)
CrossSubdomainSessionValve::replaceCookie now sets HttpOnly on the new cookie if it was
set on the replaced cookie
Modified:
ofbiz/ofbiz-framework/trunk/framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CrossSubdomainSessionValve.java
Modified: ofbiz/ofbiz-framework/trunk/framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CrossSubdomainSessionValve.java
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CrossSubdomainSessionValve.java?rev=1832591&r1=1832590&r2=1832591&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CrossSubdomainSessionValve.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CrossSubdomainSessionValve.java Thu May 31 09:27:32 2018
@@ -63,7 +63,7 @@ public class CrossSubdomainSessionValve
protected void replaceCookie(Request request, Response response, Cookie cookie) {
- Delegator delegator = (Delegator) request.getAttribute("delegator");
+ Delegator delegator = (Delegator) request.getAttribute("delegator");
// copy the existing session cookie, but use a different domain (only if domain is valid)
String cookieDomain = null;
cookieDomain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", "", delegator);
@@ -102,6 +102,7 @@ public class CrossSubdomainSessionValve
newCookie.setComment(cookie.getComment());
}
newCookie.setSecure(cookie.getSecure());
+ newCookie.setHttpOnly(cookie.isHttpOnly());
// if the response has already been committed, our replacement strategy will have no effect
if (response.isCommitted()) {
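Review bot: `newCookie.setHttpOnly(cookie.isHttpOnly())` only protects the replacement session cookie if the `cookie` argument actually carries the flag, and the same applies to `newCookie.setSecure(cookie.getSecure())` on the line above it. Browsers send back only a cookie's name and value, so if the caller passes a cookie read from the incoming request, both getters return false and the new cookie is issued without HttpOnly or Secure. The caller is outside this hunk, so that needs confirming. Deriving the attributes from server-side state would be more robust, for example `newCookie.setHttpOnly(true);` and `newCookie.setSecure(request.isSecure());`. The body of replaceCookie starts before this hunk and continues past its last line.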