OFBiz OFBiz - User
Login  Register

Re: Users - After login, username/password are in the page URL

Posted by Vinay Agarwal on Mar 03, 2006; 10:10pm
URL: http://ofbiz.116.s1.nabble.com/Users-After-login-username-password-are-in-the-page-URL-tp137768p137772.html

David,

The username/password are added by a call to makeLinkWithQueryString on line
391 of framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java.

Regards,
Vinay Agarwal

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Vinay Agarwal
Sent: Friday, March 03, 2006 1:33 PM
To: 'OFBiz Users / Usage Discussion'
Subject: Re: [OFBiz] Users - After login,username/password are in the page
URL

David,

I modified the checkLoginUrl to include "request-redirect:" like the
following
https://localhost:8443/ecommerce/control/checkLogin/request-redirect:login

To reproduce this with ecommerce application in latest code, in the file
ecommerce/widget/EcommcerceSetup.bsh, line

        globalContext.put("checkLoginUrl", LoginWorker.makeLoginUrl(request,
"checkLogin"));

is replaced by
        String loginUrl = LoginWorker.makeLoginUrl(request, "checkLogin");
        int indx = loginUrl.lastIndexOf('/') + 1;
        loginUrl = loginUrl.substring(0, indx) + "request-redirect:" +
loginUrl.substring(indx);
        globalContext.put("checkLoginUrl", loginUrl);

This could not be seen prior to this mod since the URL showed
        https://localhost:8443/ecommerce/control/login
on the main page after login.

Regards,
Vinay Agarwal

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of David E. Jones
Sent: Friday, March 03, 2006 12:49 PM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - After login,username/password are in the page
URL


Vinay,

Could you send over more details about where this happened and if  
needed what preceded it? Is this modified or stock (SVN) code?

Thanks,
-David


On Mar 3, 2006, at 1:38 PM, Vinay Agarwal wrote:

> Hello,
>
>
>
> After login, I find the username and password in the page URL like  
> this
>
> http://localhost:8080/control/ 
> main;jsessionid=26851BF0671EC5CFDEE70EC1ADA621
> 79.jvm1?USERNAME=lauser
> <http://localhost:8080/control/ 
> main;jsessionid=26851BF0671EC5CFDEE70EC1ADA62
> 179.jvm1?USERNAME=lauser&PASSWORD=testing> &PASSWORD=testing
>
>
>
> To my knowledge, I am not calling any script to put stuff from
> _PREVIOUS_PARAMS_ to URL. Any suggestions on how to fix it?
>
>
>
> Regards,
>
> Vinay Agarwal
>
> <winmail.dat>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Free forum by Nabble Edit this page