Don't use domain based cookie

author lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)

committer lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>

Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
author lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
committer lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
diff --git a/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java b/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index 5148da6..24fc8c0 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
@@ -344,7 +344,6 @@ public class AuthenticationEngine extends HttpServlet {
  
          LOG.debug("Adding IdP session cookie to HTTP response");
          Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
-        sessionCookie.setDomain(httpRequest.getLocalName());
          sessionCookie.setPath(httpRequest.getContextPath());
          sessionCookie.setSecure(false);
  
diff --git a/src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java b/src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java

index 4584d75..f380851 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java
@@ -87,11 +87,9 @@ public class IdPSessionFilter implements Filter {
          log.debug("Attempting to retrieve IdP session cookie.");
          Cookie[] requestCookies = request.getCookies();
  
-        String thisDomain = "."+ request.getLocalName();
-        log.debug("THis domain is {}" + thisDomain);
          if (requestCookies != null) {
              for (Cookie requestCookie : requestCookies) {
-                if (DatatypeHelper.safeEquals(requestCookie.getDomain(), thisDomain)
+                if (DatatypeHelper.safeEquals(requestCookie.getDomain(), request.getLocalName())
                          && DatatypeHelper.safeEquals(requestCookie.getPath(), request.getContextPath())
                          && DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {
                      log.debug("Found IdP session cookie.");
author	lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
committer	lajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
	Thu, 10 Jan 2008 12:50:23 +0000 (12:50 +0000)
src/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java		patch \| blob \| history
src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java		patch \| blob \| history