You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2018/02/19 19:44:00 UTC
[jira] [Comment Edited] (OFBIZ-4959) Logout do not remove autoLogin
[ https://issues.apache.org/jira/browse/OFBIZ-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16369438#comment-16369438 ]
Jacques Le Roux edited comment on OFBIZ-4959 at 2/19/18 7:43 PM:
-----------------------------------------------------------------
Fixed in
trunk r1824803
R17.12 r1824804
R16.11 r1824805+r1824807
was (Author: jacques.le.roux):
Fixed in
trunk r1824803
R17.12 r1824804
R16.11 r1824805
> Logout do not remove autoLogin
> ------------------------------
>
> Key: OFBIZ-4959
> URL: https://issues.apache.org/jira/browse/OFBIZ-4959
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Release 09.04, Release 10.04
> Environment: Windows 2003 Server. Apache Ofbiz 2004 and Ofbiz 10
> Reporter: Roberto BenÃtez Monje
> Assignee: Jacques Le Roux
> Priority: Major
> Labels: logout, security
> Fix For: 17.12.01, 16.11.05
>
> Attachments: OFBIZ-4959.patch, OFBIZ-4959.patch
>
> Original Estimate: 70,056h
> Remaining Estimate: 70,056h
>
> Logout method do not disable autoLogin functionality. Instead of that it just initializes autoLogin in session and request.
> It have to be replace autoLoginCheck for autoLoginRemove inside of logout method.
> {code:title=LoginEvents/LoginWorker.java|borderStyle=solid}
> public static String logout(HttpServletRequest request, HttpServletResponse response) {
> // invalidate the security group list cache
> GenericValue userLogin = (GenericValue) request.getSession().getAttribute("userLogin");
> String returnValue = "success";
> if (request.getAttribute("_AUTO_LOGIN_LOGOUT_") == null) {
> try {
> returnValue = autoLoginRemove(request, response);
> } catch (IOException e) {
> Debug.logWarning(e, "", module);
> }
> }
> // log out from all other sessions too; do this here so that it is only done when a user explicitly logs out
> logoutFromAllSessions(userLogin);
> doBasicLogout(userLogin, request);
> return returnValue;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)