Details

    • Branch Version/s:
      6.1.x, 6.0.x
    • Backported to Branch:
      Committed
    • Fix Priority:
      5

      Description

      We have 2 Liferay instances on our server.
      Both of them are reachable via their own subdomain.

      Instance 1: de.sample.com
      Instance 2: test.sample.com

      We have the problem, that Liferay cookies aren't saved with fully qualified domain name, but they are saved such as "sample.com" instead of "de.sample.com".
      We do not want cookie sharing across domains.
      Instances should be completely independent from each other.

      We've located this problem:
      In class portal-impl/src/com/liferay/portal/util/CookieKeys their is a method, called getDomain(String host), which cuts off everything before the first ".":

      public static String getDomain(String host) {

      // See LEP-4602 and LEP-4645.
      if (host == null)

      { return null; }
      // See LEP-5595.
      if (Validator.isIPAddress(host)) { return host; }
      int x = host.lastIndexOf(StringPool.PERIOD);
      if (x <= 0) { return null; }

      int y = host.lastIndexOf(StringPool.PERIOD, x - 1);

      if (y <= 0)

      { return StringPool.PERIOD + host; }

      int z = host.lastIndexOf(StringPool.PERIOD, y - 1);
      String domain = null;
      if (z <= 0)

      { domain = host.substring(y); }

      else

      { domain = host.substring(z); }

      return domain;
      }

      Is there a way to disable this "feature"?

        Issue Links

          Activity

          Hide
          mika.koivisto Mika Koivisto added a comment -

          Issue verified in 6.1.1 and 6.2.x.

          Show
          mika.koivisto Mika Koivisto added a comment - Issue verified in 6.1.1 and 6.2.x.
          Hide
          raymond.auge Raymond Auge added a comment -

          We're leaving the default behavior for backward compatibility.

          Use the property:

          session.cookie.use.full.hostname=true
          

          to change it.

          Show
          raymond.auge Raymond Auge added a comment - We're leaving the default behavior for backward compatibility. Use the property: session.cookie.use.full.hostname= true to change it.
          Hide
          michael.saechang Michael Saechang added a comment -

          Committed on:
          Portal 6.2.x GIT ID: 0e3b8e8042c817f66f1ca6709e710b3c7f338f65.

          Show
          michael.saechang Michael Saechang added a comment - Committed on: Portal 6.2.x GIT ID: 0e3b8e8042c817f66f1ca6709e710b3c7f338f65.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 22 weeks, 2 days ago

                Development

                  Subcomponents