svn commit: r1845502 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

jleroux@apache.org
Author: jleroux
Date: Thu Nov  1 17:23:46 2018
New Revision: 1845502

URL: http://svn.apache.org/viewvc?rev=1845502&view=rev
Log:
Implemented: Navigate from a domain to another with automated signed in
authentication
(OFBIZ-10307)

While working on OFBIZ-10635 I spotted that I used a root path for
securedLoginId cookies. It's better to set it to the webapp name like it's done
by Tomcat for the JSESSIONID cookie. This fixes it.

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1845502&r1=1845501&r2=1845502&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Thu Nov  1 17:23:46 2018
@@ -948,7 +948,7 @@ public class LoginWorker {
             Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(webappName), userLogin.getString("userLoginId"));
             securedLoginIdCookie.setMaxAge(-1);
             securedLoginIdCookie.setDomain(domain);
-            securedLoginIdCookie.setPath("/");
+            securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
             securedLoginIdCookie.setSecure(true);
             securedLoginIdCookie.setHttpOnly(true);
             response.addCookie(securedLoginIdCookie);
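
Review bot: on the new `setPath` line the path is built from `UtilHttp.getApplicationName(request)`, while the cookie name two lines up is built from `webappName`, so the name and the path of the same cookie now come from two different sources. If they can ever differ, the browser will hold a cookie named for one webapp but only send it under another webapp's path. Consider deriving both from the same value, or add a short comment stating that `webappName` and the request's application name are guaranteed to be equal here. It is also worth documenting what `getApplicationName` returns when the webapp is mounted at the root context, since the result is concatenated straight into the path.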
@@ -1100,7 +1100,7 @@ public class LoginWorker {
                 WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", securedLoginIdName);
                 if (webappInfo != null) {
                     securedLoginIdCookie.setMaxAge(0);
-                    securedLoginIdCookie.setPath("/");
+                    securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
                     response.addCookie(securedLoginIdCookie);
                 }
             }
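
Review bot: in this removal branch the new `setPath` line uses the current request's application name, but the cookie being expired is selected through `securedLoginIdName` and its `webappInfo`, which need not be the webapp serving this request. A browser only drops a cookie when the expiring `Set-Cookie` (here `setMaxAge(0)`) matches the stored cookie's name, domain and path, so a path taken from a different webapp leaves the original cookie in place. Suggest deriving the path from the `webappInfo` already in hand, and sharing one helper with the creation site so the two paths cannot drift apart. Cookies issued before this revision with path `/` will also not be cleared by this branch; they are session cookies (`setMaxAge(-1)` at creation), so that may be acceptable, but it deserves a line in the log or a comment.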