Merge remote-tracking branch 'origin/4.13' into 4.14

Rohit Yadav 2020-07-08 11:36:30 +05:30
commit ba767783bd
2 changed files with 10 additions and 5 deletions


@ -280,7 +280,7 @@ public class SAMLUtils {
resp.addCookie(new Cookie("timezone", URLEncoder.encode(timezone, HttpUtils.UTF_8)));
}
resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly", ApiConstants.SESSIONKEY, loginResponse.getSessionKey()));
resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/", ApiConstants.SESSIONKEY, loginResponse.getSessionKey()));
}
/**
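Review bot: The session key cookie written through the `SET-COOKIE` header here carries `HttpOnly` and `Path=/` but neither `Secure` nor `SameSite`, so the browser may send it over plain HTTP and cross-site handling is left to the browser's default. The same format string is used in ApiServlet right after `apiAuthenticator.authenticate(...)`, so the point applies there too. Where the UI is served over HTTPS, consider `"%s=%s;HttpOnly;Secure;SameSite=Lax;Path=/"`, with `Secure` made conditional on the request scheme if plain-HTTP installs must keep working. The session key is interpolated into the header unencoded, unlike the `timezone` and `userfullname` cookies; presumably it is generated server-side from a header-safe alphabet, which is worth confirming. The enclosing method starts outside the hunk.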


@ -213,7 +213,7 @@ public class ApiServlet extends HttpServlet {
try {
responseString = apiAuthenticator.authenticate(command, params, session, remoteAddress, responseType, auditTrailSb, req, resp);
if (session != null && session.getAttribute(ApiConstants.SESSIONKEY) != null) {
resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly", ApiConstants.SESSIONKEY, session.getAttribute(ApiConstants.SESSIONKEY)));
resp.addHeader("SET-COOKIE", String.format("%s=%s;HttpOnly;Path=/", ApiConstants.SESSIONKEY, session.getAttribute(ApiConstants.SESSIONKEY)));
}
} catch (ServerApiException e) {
httpResponseCode = e.getErrorCode().getHttpCode();
@ -238,9 +238,14 @@ public class ApiServlet extends HttpServlet {
} catch (final IllegalStateException ignored) {
}
}
Cookie sessionKeyCookie = new Cookie(ApiConstants.SESSIONKEY, "");
sessionKeyCookie.setMaxAge(0);
resp.addCookie(sessionKeyCookie);
final Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (final Cookie cookie : cookies) {
cookie.setValue("");
cookie.setMaxAge(0);
resp.addCookie(cookie);
}
}
}
HttpUtils.writeHttpResponse(resp, responseString, httpResponseCode, responseType, ApiServer.JSONcontentType.value());
return;
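Review bot: The cookie-clearing loop re-adds the objects from `req.getCookies()`, but request cookies carry only name and value, so each expiring `Set-Cookie` goes out without a Path and the browser applies the default path of the request URL. The session key cookie is issued with `Path=/` in the hunk above, and a browser only replaces a cookie when name, domain and path all match, so the `HttpOnly` session key may survive this cleanup unless the servlet is mapped at the root. Inside the loop, `if (ApiConstants.SESSIONKEY.equals(cookie.getName())) cookie.setPath("/");` before `resp.addCookie(cookie)` would make the expiry match the cookie as issued. The loop also expires every cookie the browser sent to this host, including any this servlet did not set, which deserves a short comment if intended. The enclosing method begins and ends outside the hunk.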