Author: jleroux
Date: Wed Feb  3 22:07:10 2016
New Revision: 1728381

URL: http://svn.apache.org/viewvc?rev=1728381&view=rev
Log:
Removes forceHttpSession feature - 
https://issues.apache.org/jira/browse/OFBIZ-6879

We should always use HTTPS, as explained in OFBIZ-6849.

Modified:
    
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
    ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/web.xml
    ofbiz/trunk/specialpurpose/ecommerce/webapp/ecomseo/WEB-INF/web.xml

Modified: 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1728381&r1=1728380&r2=1728381&view=diff
==============================================================================
--- 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java 
(original)
+++ 
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java 
Wed Feb  3 22:07:10 2016
@@ -74,7 +74,6 @@ public class RequestHandler {
     private final ViewFactory viewFactory;
     private final EventFactory eventFactory;
     private final URL controllerConfigURL;
-    private final boolean forceHttpSession;
     private final boolean trackServerHit;
     private final boolean trackVisit;
     private final boolean cookies;
@@ -101,7 +100,6 @@ public class RequestHandler {
         this.viewFactory = new ViewFactory(context, this.controllerConfigURL);
         this.eventFactory = new EventFactory(context, 
this.controllerConfigURL);
 
-        this.forceHttpSession = 
"true".equalsIgnoreCase(context.getInitParameter("forceHttpSession"));
         this.trackServerHit = 
!"false".equalsIgnoreCase(context.getInitParameter("track-serverhit"));
         this.trackVisit = 
!"false".equalsIgnoreCase(context.getInitParameter("track-visit"));
         this.cookies = 
!"false".equalsIgnoreCase(context.getInitParameter("cookies"));
@@ -300,20 +298,6 @@ public class RequestHandler {
                         return;
                     }
                 }
-            // if this is a new session and forceHttpSession is true and the 
request is secure but does not
-            // need to be then we need the session cookie to be created via an 
http response (rather than https)
-            // so we'll redirect to an unsecure request
-            } else if (forceHttpSession && request.isSecure() && 
session.isNew() && !requestMap.securityHttps) {
-                StringBuilder urlBuf = new StringBuilder();
-                urlBuf.append(request.getPathInfo());
-                if (request.getQueryString() != null) {
-                    urlBuf.append("?").append(request.getQueryString());
-                }
-                String newUrl = RequestHandler.makeUrl(request, response, 
urlBuf.toString(), true, false, false);
-                if (newUrl.toUpperCase().startsWith("HTTP")) {
-                    callRedirect(newUrl, response, request, statusCodeString);
-                    return;
-                }
             }
 
             // Check for HTTPS client (x.509) security

Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/web.xml?rev=1728381&r1=1728380&r2=1728381&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/web.xml 
(original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/web.xml Wed 
Feb  3 22:07:10 2016
@@ -44,14 +44,6 @@ under the License.
         <param-name>mainDecoratorLocation</param-name>
         
<param-value>component://ecommerce/widget/CommonScreens.xml</param-value>
     </context-param>
-    <context-param>
-        <description>
-            Forces the JSESSIONID cookie to be sent via http rather https, 
helps prevent lost sessions in web apps that
-            frequently switch between http and https.
-        </description>
-        <param-name>forceHttpSession</param-name>
-        <param-value>true</param-value>
-    </context-param>
 
     <filter>
         <display-name>CatalogUrlFilter</display-name>

Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecomseo/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecomseo/WEB-INF/web.xml?rev=1728381&r1=1728380&r2=1728381&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecomseo/WEB-INF/web.xml 
(original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecomseo/WEB-INF/web.xml Wed Feb 
 3 22:07:10 2016
@@ -45,14 +45,6 @@ under the License.
         
<param-value>component://ecommerce/widget/CommonScreens.xml</param-value>
     </context-param>
     <context-param>
-        <description>
-            Forces the JSESSIONID cookie to be sent via http rather https, 
helps prevent lost sessions in web apps that
-            frequently switch between http and https.
-        </description>
-        <param-name>forceHttpSession</param-name>
-        <param-value>true</param-value>
-    </context-param>
-    <context-param>
         <description>Default page uri. Important: please DO add or remove 
/control to match url-pattern of SeoControlServlet.</description>
         <param-name>defaultPage</param-name>
         <param-value>/main</param-value>

