svn commit: r1851247 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Mon, 14 Jan 2019 05:53:25 -0800 

Author: jleroux
Date: Mon Jan 14 13:53:18 2019
New Revision: 1851247

URL: http://svn.apache.org/viewvc?rev=1851247&view=rev
Log:
Fixed: User's name is displayed on ecommerce even after user logs out
(OFBIZ-10666)

On further investigation, I found that cookie path and domain are different 
in the methods of creating the auto-login cookie i.e. 
LoginWorker.autoLoginSet() 
and removing the auto-login cookie i.e. LoginWorker.autoLoginRemove().

After following changes the issue seems to be fixed:
1. Removed getMaxAge() check from the condition used in 
   LoginWorker.getAutoUserLoginId() method.
2. Corrected the path and domain in the method LoginWorker.autoLoginRemove().

Thanks: Deepak Nigam for discussion and fix

Modified:
    
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Modified: 
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: 
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851247&r1=1851246&r2=1851247&view=diff
==============================================================================
--- 
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
 (original)
+++ 
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
 Mon Jan 14 13:53:18 2019
@@ -975,8 +975,7 @@ public class LoginWorker {
         }
         if (cookies != null) {
             for (Cookie cookie: cookies) {
-                if (cookie.getName().equals(getAutoLoginCookieName(request)) 
-                        && cookie.getMaxAge() > 0) {
+                if (cookie.getName().equals(getAutoLoginCookieName(request))) {
                     autoUserLoginId = cookie.getValue();
                     break;
                 }
@@ -1052,9 +1051,11 @@ public class LoginWorker {
 
         // remove the cookie
         if (userLogin != null) {
+            Delegator delegator = (Delegator) 
request.getAttribute("delegator");
             Cookie autoLoginCookie = new 
Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
             autoLoginCookie.setMaxAge(0);
-            autoLoginCookie.setPath("/");
+            
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator));
+            autoLoginCookie.setPath("/" + 
UtilHttp.getApplicationName(request));
             response.addCookie(autoLoginCookie);
         }
         // remove the session attributes

Reply via email to