Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/13 10:33:51 UTC

[8/9] git commit: updated refs/heads/master to 6c71d3b

CS-18149: UI - no longer store sessionKey in cookie. After

... this change, opening a 2nd browser window (of the same
domain) will show the login screen (i.e. the user has to enter
credentials again) and will cause the 1st browser window's
session to time out.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 19e3c0168e744a76b5e1dc24a5eafa776d342404)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a308f372
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a308f372
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a308f372

Branch: refs/heads/master
Commit: a308f37232748d422be56bbda62ac34fe44fcf55
Parents: b9d624d
Author: Jessica Wang <je...@apache.org>
Authored: Fri Mar 13 13:14:42 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 ui/scripts/cloudStack.js | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a308f372/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 66598a9..2adb89c 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -105,10 +105,10 @@
             bypassLoginCheck: function(args) { //determine to show or bypass login screen
                 if (g_loginResponse == null) { //show login screen
                     /*
-           but if this is a 2nd browser window (of the same domain), login screen still won't show because $.cookie('sessionKey') is valid for 2nd browser window (of the same domain) as well.
-           i.e. calling listCapabilities API with g_sessionKey from $.cookie('sessionKey') will succeed,
-           then userValid will be set to true, then an user object (instead of "false") will be returned, then login screen will be bypassed.
-           */
+                     * Since we no longer store sessionKey in cookie, opening the
+                     * 2nd browser window (of the same domain) will show login screen (i.e. user has to
+                     * enter credentials again) and will cause the 1st browser window session timeout.
+                     */
                     var unBoxCookieValue = function (cookieName) {
                         var cookieValue = $.cookie(cookieName);
                         if (cookieValue && cookieValue.length > 2 && cookieValue[0] === '"' && cookieValue[cookieValue.length-1] === '"') {
@@ -117,7 +117,7 @@
                         }
                         return cookieValue;
                     };
-                    g_sessionKey = unBoxCookieValue('sessionKey');
+                    g_sessionKey = unBoxCookieValue('JSESSIONID');
                     g_role = unBoxCookieValue('role');
                     g_userid = unBoxCookieValue('userid');
                     g_domainid = unBoxCookieValue('domainid');
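Review bot: Reading `JSESSIONID` through `$.cookie` on the changed line only yields a value if the servlet container issues that cookie without the HttpOnly attribute, so this line either leaves `g_sessionKey` empty or depends on the session identifier being readable by any script running in the page. The commit message says the key is no longer kept in a cookie, but the new code still sources `g_sessionKey` from one, and the removed comment in the first hunk shows that value is then used for the listCapabilities call. If the intent is only to force the login screen in a fresh window, `g_sessionKey = null;` would state that directly and would allow JSESSIONID to be marked HttpOnly; otherwise a comment such as `// requires JSESSIONID to be script-readable (not HttpOnly)` should record the dependency. The enclosing bypassLoginCheck function starts and ends outside this hunk.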
@@ -226,9 +226,6 @@
                         g_timezone = loginresponse.timezone;                        
                         g_userfullname = loginresponse.firstname + ' ' + loginresponse.lastname;
 
-                        $.cookie('sessionKey', g_sessionKey, {
-                            expires: 1
-                        });
                         $.cookie('username', g_username, {
                             expires: 1
                         });
@@ -324,7 +321,7 @@
                         g_regionsecondaryenabled = null;
                         g_loginCmdText = null;
                         
-                        $.cookie('sessionKey', null);
+                        $.cookie('JSESSIONID', null);
                         $.cookie('username', null);
                         $.cookie('account', null);
                         $.cookie('domainid', null);
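Review bot: `$.cookie('JSESSIONID', null)` is unlikely to end the session by itself: script cannot delete an HttpOnly cookie, and jquery.cookie only removes a cookie whose path matches the one it was set with, which for a container-issued JSESSIONID is presumably the application context path rather than the page default. Session termination should rely on the server invalidating the session, with the client-side removal, if kept, written as `$.cookie('JSESSIONID', null, { path: '<context-path>' });`. Replacing the old line also means a `sessionKey` cookie written by an earlier UI version (it was set with `expires: 1`) is no longer cleared here; keeping `$.cookie('sessionKey', null);` next to the new line for a release would remove it. The same points apply to the identical change in samlLoginAction in the last hunk, and the enclosing cleanup code here continues outside the hunk.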
@@ -347,7 +344,7 @@
             },
 
             samlLoginAction: function(args) {
-                $.cookie('sessionKey', null);
+                $.cookie('JSESSIONID', null);
                 $.cookie('username', null);
                 $.cookie('account', null);
                 $.cookie('domainid', null);