
[FIX] website: website forced on wrong session with website selector

Forcing website on session before navigating to the other website would not
work as expected if the other website has a different URL (hostname).
It would force the website on session on current website, then navigate to
second website which could still have another website in session.

Now, we force the website in session once we land on the website in the
dispatch() method.

Steps to reproduce:
  - Set website1 to 127.0.0.10
  - Set website2 to 127.0.0.20
  - From website1 click on website2 in website selector
  - Website2 is forced on website1 session (wrong)
  - You land correctly on website2 and see website2
  - From there (website2) click on website1 in website selector
  - Website1 is forced on website2 session (wrong)
  - You land on website1 but see website2 since website2 was forced on
    website1 session at steps 3/4.

This is even trickier when there is a third website without a domain in
the equation (meaning this website can be seen from website1 and website2
without changing URL (hostname)).
rdeodoo committed Sep 19, 2018
1 parent 2bc7507 commit 735422252a0d9f65287f93d6ea65fb59238b138d
@@ -72,6 +72,11 @@ def _auth_method_public(cls):
@classmethod
def _add_dispatch_parameters(cls, func):
# Force website with query string paramater, typically set from website selector in frontend navbar
force_website_id = request.httprequest.args.get('fw')
if force_website_id and request.session.get('force_website_id') != force_website_id:
request.env['website']._force_website(request.httprequest.args.get('fw'))
context = {}
if not request.context.get('tz'):
context['tz'] = request.session.get('geoip', {}).get('time_zone')
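Review bot: in `_add_dispatch_parameters`, the guard `request.session.get('force_website_id') != force_website_id` compares the session value, which `_force_website` stores as an `int`, with the raw query-string value, which is a `str`, so the two never compare equal and `_force_website` runs on every request that carries `fw`. Convert `fw` once before comparing, and pass `force_website_id` instead of reading `request.httprequest.args.get('fw')` a second time. Nothing in these lines limits who may send `fw` either: any GET link containing it changes the visitor's session state, so consider checking that the current user is allowed to switch websites before applying it.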
@@ -466,8 +466,13 @@ def _force(self):
self._force_website(self.id)
def _force_website(self, website_id):
if request:
request.session['force_website_id'] = website_id and int(website_id)
if request and website_id:
try:
# Safely parse website_id as it could be a digit in string format such as
# URL query string (request.httprequest.args) or DOM data-attribut sent in JS
request.session['force_website_id'] = int(website_id)
except ValueError:
pass
@api.model
def is_publisher(self):
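Review bot: the `if request and website_id:` guard in `_force_website` drops the case that the `website_id and int(website_id)` assignment handled, where a falsy `website_id` reset `force_website_id` in the session; with this version a forced website can no longer be cleared through this method. If that is intended, say so in the comment, otherwise keep an explicit reset branch. The `except ValueError: pass` also hides malformed input silently and does not cover the `TypeError` that `int()` raises for values that are neither strings nor numbers (for example a list from a JSON payload), and the parsed id is stored without checking that a website with that id exists.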
@@ -309,24 +309,15 @@ var WebsiteRoot = BodyManager.extend({
// Website 1: localhost; Website 2: 0.0.0.0; website 3: -
// when you switch 3 <--> 1, you need to force the website
this._rpc({
route: '/website/force_website',
params: {
website_id: website_id_to_switch_to || false,
},
}).then(function () {
var website_domain = ev.currentTarget.getAttribute('domain');
if (website_domain && window.location.hostname !== website_domain) {
// if domain unchanged, this line will do a nop while we need to refresh
// the page to load the new forced website.
window.location.hostname = website_domain;
}
else {
window.location.reload(true);
}
});
var website_domain = ev.currentTarget.getAttribute('domain');
var url = $.param.querystring(window.location.href, {'fw': website_id_to_switch_to});
if (website_domain && window.location.hostname !== website_domain) {
// if domain unchanged, this line will do a nop while we need to refresh
// the page to load the new forced website.
url = new URL(url);
url.hostname = website_domain;
}
window.location.href = url;
},
_multiCompanySwitch: function (ev) {
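Review bot: in the website selector handler, `$.param.querystring(window.location.href, {'fw': website_id_to_switch_to})` leaves `fw` in the address bar after the switch, so a copied or bookmarked URL forces that website on the session of whoever opens it later. Consider removing the parameter once the server has applied it, for example by redirecting to the same URL without `fw`. The `|| false` fallback that the RPC call applied to `website_id_to_switch_to` is gone, so an undefined id is no longer normalised before use, and the comment "if domain unchanged, this line will do a nop" describes the `window.location.hostname` assignment and no longer matches the code beneath it.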
