Fixed: Correct behaviour of Autologin cookies

(OFBIZ-10635)

In the method to set the autoLogin cookie, LoginWorker::autoLoginSet,
the system fetches the webAppInfo by using the
method ComponentConfig::getWebappInfo. In this method, serverId and
applicationName are passed as arguments.

*WebappInfo webappInfo = ComponentConfig.getWebappInfo((String)
context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));*

If the mount-point of the web app is set as an empty string, then 'root'
will be used as the application name, due to which the object webAppInfo
will be null. If the webAppInfo is null then the autoLogin cookie will
not be created and added to the response object by the system.

Thanks: Aditya for report and Mathieu Lirzin for discussion

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1851074 13f79535-47bb-0310-9956-ffa450edef68
JacquesLeRoux committed Jan 11, 2019
1 parent d2485c4 commit 199549e08fda5bc02e4d32566aee181328423381
Showing with 6 additions and 3 deletions.
  1. +6 −3 framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -923,13 +923,16 @@ public static String autoLoginSet(HttpServletRequest request, HttpServletRespons
HttpSession session = request.getSession();
GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
ServletContext context = request.getServletContext();
WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) context.getAttribute("_serverId"), UtilHttp.getApplicationName(request));
String applicationName = UtilHttp.getApplicationName(request);
WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) context.getAttribute("_serverId"), applicationName);

if (userLogin != null && webappInfo != null && webappInfo.isAutologinCookieUsed()) {
if (userLogin != null &&
(webappInfo != null && webappInfo.isAutologinCookieUsed())
|| webappInfo == null) { // When using an empty mounpoint, ie using root as mounpoint. Beware: works only for 1 webapp!
Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request).replaceAll("/","_"));
autoLoginCookie.setPath("/" + applicationName.replaceAll("/","_"));
autoLoginCookie.setSecure(true);
autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
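
Review bot: The rewritten condition in autoLoginSet mixes `&&` and `||` without grouping the two webappInfo tests together, so it evaluates as `(userLogin != null && (webappInfo != null && webappInfo.isAutologinCookieUsed())) || webappInfo == null`. With an empty mount point (webappInfo null) and no userLogin in the session, the branch is entered and `userLogin.getString("userLoginId")` throws a NullPointerException. Grouping it as `userLogin != null && (webappInfo == null || webappInfo.isAutologinCookieUsed())` keeps the null check on userLogin in force for both cases. Note also that the `webappInfo == null` path sets a one-year cookie without consulting isAutologinCookieUsed(), and the "works only for 1 webapp" limitation is recorded only in a trailing comment (which misspells "mountpoint" twice); a Javadoc note or a log warning on that path would make the restriction visible to whoever deploys with a root mount point.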
