Don't check cookie domain and path, they aren't sent by the browser
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:57:07 +0000 (12:57 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 12:57:07 +0000 (12:57 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2551 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java

index f380851..e6ed7e5 100644 (file)
@@ -89,9 +89,7 @@ public class IdPSessionFilter implements Filter {
 
         if (requestCookies != null) {
             for (Cookie requestCookie : requestCookies) {
-                if (DatatypeHelper.safeEquals(requestCookie.getDomain(), request.getLocalName())
-                        && DatatypeHelper.safeEquals(requestCookie.getPath(), request.getContextPath())
-                        && DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {
+                if (DatatypeHelper.safeEquals(requestCookie.getName(), AuthenticationEngine.IDP_SESSION_COOKIE_NAME)) {
                     log.debug("Found IdP session cookie.");
                     return requestCookie;
                 }