Author: jleroux Date: Thu Nov 1 17:23:46 2018 New Revision: 1845502 URL: http://svn.apache.org/viewvc?rev=1845502&view=rev Log: Implemented: Navigate from a domain to another with automated signed in authentication (OFBIZ-10307)
While working on OFBIZ-10635 I spotted that I used a root path for securedLoginId cookies. It's better to set it to the webapp name like it's done by Tomcat for the JSESSIONID cookie. This fixes it. Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1845502&r1=1845501&r2=1845502&view=diff ==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Thu Nov 1 17:23:46 2018
@@ -948,7 +948,7 @@ public class LoginWorker {
 Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(webappName), userLogin.getString("userLoginId"));
 securedLoginIdCookie.setMaxAge(-1);
 securedLoginIdCookie.setDomain(domain);
- securedLoginIdCookie.setPath("/");
+ securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
 securedLoginIdCookie.setSecure(true);
 securedLoginIdCookie.setHttpOnly(true);
 response.addCookie(securedLoginIdCookie);
@@ -1100,7 +1100,7 @@ public class LoginWorker {
 WebappInfo webappInfo = ComponentConfig.getWebappInfo("default-server", securedLoginIdName);
 if (webappInfo != null) {
 securedLoginIdCookie.setMaxAge(0);
- securedLoginIdCookie.setPath("/");
+ securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
 response.addCookie(securedLoginIdCookie);
 }
 }
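Review bot: The new path on the `setPath` line is built from `UtilHttp.getApplicationName(request)` while the cookie name is built from `webappName`, so the cookie's scope depends on two values that this hunk does not show to be equal. A browser returns a cookie only for URLs under its Path, so if the application name ever differs from the context path (a webapp mounted at the root or under a nested mount point, for instance) the cookie is never sent back and the automated sign-in silently stops working. Tomcat scopes JSESSIONID by the context path, so `String ctx = request.getContextPath(); securedLoginIdCookie.setPath(ctx.isEmpty() ? "/" : ctx);` would follow the model the commit message cites. The enclosing method starts and ends outside the hunk.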
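Review bot: The expiring cookie has to carry the same name, Domain and Path as the cookie it is meant to remove, and in this hunk only the path is set, taken from the current request rather than from the webapp that `securedLoginIdName` resolves to. The creation hunk at line 948 also calls `setDomain(domain)`; no matching call is visible here, so unless it happens above the hunk the browser may keep the original cookie. Cookies already issued with `Path=/` before this revision are likewise no longer matched by this removal. I would set the domain explicitly and derive the path from `webappInfo`, with a comment such as `// Domain and Path must equal the values used when the cookie was created, or the browser will not expire it`. The enclosing block and method begin outside the hunk.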