svn commit: r806552 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Author: lektran
Date: Fri Aug 21 13:49:07 2009
New Revision: 806552

URL: http://svn.apache.org/viewvc?rev=806552&view=rev
Log:
Don't redirect https requests to http if the request map specifies https since it forces the client to repost data over an unsecure connection

Modified:
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=806552&r1=806551&r2=806552&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Fri Aug 21 13:49:07 2009
@@ -217,10 +217,10 @@
                         callRedirect(newUrl, response, request);
                     }
                 }
-            // if this is a new session and the request is secure and forceHttpSession is true then we need the
-            // session cookie to be created via an http response (rather than https) so we'll redirect to an
-            // unsecure request and then if necessary another redirect will occur to transfer back to https
-            } else if (forceHttpSession && request.isSecure() && session.isNew()) {
+            // if this is a new session and forceHttpSession is true and the request is secure but does not
+            // need to be then we need the session cookie to be created via an http response (rather than https)
+            // so we'll redirect to an unsecure request
+            } else if (forceHttpSession && request.isSecure() && session.isNew() && !requestMap.securityHttps) {
                 StringBuilder urlBuf = new StringBuilder();
                 urlBuf.append(request.getPathInfo());
                 if (request.getQueryString() != null) {
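
Review bot: the rewritten comment above the `else if` does not say what happens to the session cookie in the case this change carves out. With `!requestMap.securityHttps` added, a new session arriving on a request map that requires https skips this branch, so its session cookie is created by the https response. The removed comment described that as the case `forceHttpSession` was meant to avoid. Please state in the comment that this is intentional, and whether later http requests are expected to share that session. The branch that remains also still builds the redirect target from `request.getPathInfo()` and `request.getQueryString()` only, so the comment should also note that a body posted over https to a request map that does not require https is not carried across the redirect.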