Posted to commits@ofbiz.apache.org by le...@apache.org on 2009/08/21 15:49:07 UTC

svn commit: r806552 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Author: lektran
Date: Fri Aug 21 13:49:07 2009
New Revision: 806552

URL: http://svn.apache.org/viewvc?rev=806552&view=rev
Log:
Don't redirect https requests to http if the request map specifies https since it forces the client to repost data over an unsecure connection

Modified:
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=806552&r1=806551&r2=806552&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Fri Aug 21 13:49:07 2009
@@ -217,10 +217,10 @@
                         callRedirect(newUrl, response, request);
                     }
                 }
-            // if this is a new session and the request is secure and forceHttpSession is true then we need the 
-            // session cookie to be created via an http response (rather than https) so we'll redirect to an
-            // unsecure request and then if necessary another redirect will occur to transfer back to https
-            } else if (forceHttpSession && request.isSecure() && session.isNew()) {
+            // if this is a new session and forceHttpSession is true and the request is secure but does not 
+            // need to be then we need the session cookie to be created via an http response (rather than https) 
+            // so we'll redirect to an unsecure request
+            } else if (forceHttpSession && request.isSecure() && session.isNew() && !requestMap.securityHttps) {
                 StringBuilder urlBuf = new StringBuilder();
                 urlBuf.append(request.getPathInfo());
                 if (request.getQueryString() != null) {
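
Review bot: The rewritten comment above the `else if` no longer says what happens to the session cookie in the case this change carves out (new session, `forceHttpSession` true, `requestMap.securityHttps` true). The removed comment explained that the cookie had to be created via an http response, and with `!requestMap.securityHttps` in the condition that case now creates the session on the https response instead. Please document that consequence in the comment, in particular whether a session created this way is still expected to be usable on later http requests, since that is the behaviour `forceHttpSession` is described as protecting. Separately, the branch still sends a secure request to an unsecure URL built from `request.getPathInfo()` and the query string whenever the request map does not set `securityHttps`, so the repost problem named in the log message remains for those requests. If that is intended, say so in the comment; otherwise consider also skipping the redirect for requests that carry a body.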