ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-4959) Logout do not remove autoLogin
Date Sun, 18 Feb 2018 19:34:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16368644#comment-16368644
] 

Jacques Le Roux commented on OFBIZ-4959:
----------------------------------------

After a discussion with Taher [https://s.apache.org/qLGC] I'll implement autoLogoutFromAllBackendSessions()
in another way (see the link).

I'll check it make sense for webpos before using true there.

> Logout do not remove autoLogin
> ------------------------------
>
>                 Key: OFBIZ-4959
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4959
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: Release 09.04, Release 10.04
>         Environment: Windows 2003 Server. Apache Ofbiz 2004 and Ofbiz 10
>            Reporter: Roberto Benítez Monje
>            Assignee: Jacques Le Roux
>            Priority: Major
>              Labels: logout, security
>         Attachments: OFBIZ-4959.patch, OFBIZ-4959.patch
>
>   Original Estimate: 70,056h
>  Remaining Estimate: 70,056h
>
> Logout method do not disable autoLogin functionality. Instead of that it just initializes
autoLogin in session and request.
> It have to be replace autoLoginCheck for autoLoginRemove inside of logout method.
> {code:title=LoginEvents/LoginWorker.java|borderStyle=solid}
> public static String logout(HttpServletRequest request, HttpServletResponse response)
{
> 	// invalidate the security group list cache
> 	GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin");
> 	String returnValue = "success";
> 	if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) {
> 		try {
> 			returnValue = autoLoginRemove(request, response);
> 		} catch (IOException e) {
> 			Debug.logWarning(e, "", module);
> 		}
> 	}
> 	// log out from all other sessions too; do this here so that it is only done when a
user explicitly logs out
> 	logoutFromAllSessions(userLogin);
> 	doBasicLogout(userLogin, request);
> 	return returnValue;
> }
> {code} 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message