svn commit: r1845341 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Author: jleroux
Date: Wed Oct 31 15:36:11 2018
New Revision: 1845341

URL: http://svn.apache.org/viewvc?rev=1845341&view=rev
Log:
Improved: Correct behaviour of Autologin cookies
(OFBIZ-10635)

While working on this issue I spotted that securedLoginId has the same duration
(1 year) than autoUserLoginId.
I have reduced it to the browser session which is the purpose.

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1845341&r1=1845340&r2=1845341&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Wed Oct 31 15:36:11 2018
@@ -946,7 +946,7 @@ public class LoginWorker {
         if (userLogin != null) {
             String webappName = UtilHttp.getApplicationName(request);
             Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(webappName), userLogin.getString("userLoginId"));
-            securedLoginIdCookie.setMaxAge(60 * 60 * 24 * 365);
+            securedLoginIdCookie.setMaxAge(-1);
             securedLoginIdCookie.setDomain(domain);
             securedLoginIdCookie.setPath("/");
             securedLoginIdCookie.setSecure(true);