I set a session attribute in a autologinfilter. When trying to get this attribute in my post-login-hook, the value is always null if session.enable.phishing.protection=true
All our pages are https (fronted by Apache Web Server) so I thought that having the value
would let me keep the session attributes even with session.enable.phishing.protection=true
In portal.properties, the information says that:
My setup in Liferay 6.1.1 works with both properties set to true.
I notice there's been a change in
Should there also be a check if PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS is true or is this by design?
Not sure if this is related but:
In com.liferay.portal.util.PortalImpl.isSecure() it seems that the request is not considered secure if both company.security.auth.requires.https and session.enable.phishing.protection is true at the same time
This seems unchanged between 6.1.1 and 6.2.0