svn commit: r1851247 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1851247 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

jleroux@apache.org
Author: jleroux
Date: Mon Jan 14 13:53:18 2019
New Revision: 1851247

URL: http://svn.apache.org/viewvc?rev=1851247&view=rev
Log:
Fixed: User's name is displayed on ecommerce even after user logs out
(OFBIZ-10666)

On further investigation, I found that cookie path and domain are different
in the methods of creating the auto-login cookie i.e. LoginWorker.autoLoginSet()
and removing the auto-login cookie i.e. LoginWorker.autoLoginRemove().

After following changes the issue seems to be fixed:
1. Removed getMaxAge() check from the condition used in
   LoginWorker.getAutoUserLoginId() method.
2. Corrected the path and domain in the method LoginWorker.autoLoginRemove().

Thanks: Deepak Nigam for discussion and fix

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851247&r1=1851246&r2=1851247&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Mon Jan 14 13:53:18 2019
@@ -975,8 +975,7 @@ public class LoginWorker {
         }
         if (cookies != null) {
             for (Cookie cookie: cookies) {
-                if (cookie.getName().equals(getAutoLoginCookieName(request))
-                        && cookie.getMaxAge() > 0) {
+                if (cookie.getName().equals(getAutoLoginCookieName(request))) {
                     autoUserLoginId = cookie.getValue();
                     break;
                 }
@@ -1052,9 +1051,11 @@ public class LoginWorker {
 
         // remove the cookie
         if (userLogin != null) {
+            Delegator delegator = (Delegator) request.getAttribute("delegator");
             Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
             autoLoginCookie.setMaxAge(0);
-            autoLoginCookie.setPath("/");
+            autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
+            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
             response.addCookie(autoLoginCookie);
         }
         // remove the session attributes