aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-07-22 10:10:53 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-07-22 10:10:53 +0200
commit0d433cb0e010a32cb9a961d119c4cbc2937d33f1 (patch)
tree4488cb6cc4a74da1b8dae0b5a4e97ed4b10ba831 /id
parent7822346ccba084677534b4226080ef41de7b9865 (diff)
downloadmoa-id-spss-0d433cb0e010a32cb9a961d119c4cbc2937d33f1.tar.gz
moa-id-spss-0d433cb0e010a32cb9a961d119c4cbc2937d33f1.tar.bz2
moa-id-spss-0d433cb0e010a32cb9a961d119c4cbc2937d33f1.zip
update cookie policy
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java16
1 files changed, 5 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 3fd99f6fc..34b44e991 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -261,7 +261,7 @@ public class SSOManager {
Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
ssoTimeOut = DEFAULTSSOTIMEOUT;
}
- setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, ssoTimeOut);
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
}
@@ -375,12 +375,7 @@ public class SSOManager {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
- for (Cookie cookie : cookies) {
-
- // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird
- // (firefox)
- // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
-
+ for (Cookie cookie : cookies) {
if (cookie.getName().equals(cookieName)) {
return cookie.getValue();
}
@@ -395,15 +390,14 @@ public class SSOManager {
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setMaxAge(maxAge);
cookie.setSecure(true);
-
- //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+ cookie.setHttpOnly(true);
cookie.setPath(httpReq.getContextPath());
-
+
httpResp.addCookie(cookie);
}
private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
- setCookie(httpReq, httpResp, cookieName, "", 1);
+ setCookie(httpReq, httpResp, cookieName, "", 0);
}
}