Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-667

Persistent Cookie should only be set on success and not on AMAuthCookie

    XMLWordPrintable

    Details

    • Rank:
      1|hzn2if:

      Description

      If openam.session.persist_am_cookie is set to true then the iPlanetDirectoryPro cookie is made a persistent cookie, otherwise it remains as a session cookie.

      The DAS sets the cookie in the LoginViewBean setCookie method; but the setCookie method will always make the cookie persistent and this method is used to set the AMAuthCookie as well as the iPlanetDirectoryPro cookie.

      The setCookie method in the LoginViewBean should check ac.getStatus() == AuthContext.Status.SUCCESS and if it is set the cookie to persistent if enabled. Otherwise leave it as a session cookie.

      This fix should go in the LoginViewBean in the DAS and the normal UI.

        Attachments

          Activity

            People

            peter.major Peter Major [X] (Inactive)
            steve Steve Ferris
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: