diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-22 10:10:53 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-22 10:10:53 +0200 |
commit | 0d433cb0e010a32cb9a961d119c4cbc2937d33f1 (patch) | |
tree | 4488cb6cc4a74da1b8dae0b5a4e97ed4b10ba831 /id/server/idserverlib/src | |
parent | 7822346ccba084677534b4226080ef41de7b9865 (diff) | |
download | moa-id-spss-0d433cb0e010a32cb9a961d119c4cbc2937d33f1.tar.gz moa-id-spss-0d433cb0e010a32cb9a961d119c4cbc2937d33f1.tar.bz2 moa-id-spss-0d433cb0e010a32cb9a961d119c4cbc2937d33f1.zip |
update cookie policy
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 3fd99f6fc..34b44e991 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -261,7 +261,7 @@ public class SSOManager { Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); ssoTimeOut = DEFAULTSSOTIMEOUT; } - setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, ssoTimeOut); + setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); } @@ -375,12 +375,7 @@ public class SSOManager { Cookie[] cookies = httpReq.getCookies(); if (cookies != null) { - for (Cookie cookie : cookies) { - - // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird - // (firefox) - // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { - + for (Cookie cookie : cookies) { if (cookie.getName().equals(cookieName)) { return cookie.getValue(); } @@ -395,15 +390,14 @@ public class SSOManager { Cookie cookie = new Cookie(cookieName, cookieValue); cookie.setMaxAge(maxAge); cookie.setSecure(true); - - //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains + cookie.setHttpOnly(true); cookie.setPath(httpReq.getContextPath()); - + httpResp.addCookie(cookie); } private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { - setCookie(httpReq, httpResp, cookieName, "", 1); + setCookie(httpReq, httpResp, cookieName, "", 0); } } |