Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-68614

The description of session.cookie.use.full.hostname key in portal.properties needs to be changed


    • Feature Request
    • Status: New Idea
    • Resolution: Unresolved
    • 6.2.10 EE GA1, 7.0.0 DXP SP2, 7.0.0 DXP FP89, 7.0.X, 7.1.10 DXP FP16, 7.1.X, 7.2.10 DXP FP4, 7.2.X, 7.3.0 CE GA1, 7.3.X, Master
    • None
    • Application Security


      One of our customers reported that the following property's description needs to be changed:

      The customer pointed out, that according to the property's description, setting it to "false" should allow cross domain logins.

      We might need to consider rewriting the property description to make it clear what exactly is needed for cross domain logins.
      During my tests I have found that cross domain login is only possible when making changes on the application server. The TS Team confirmed this finding, see: LPP-22780.

      Reproduction Steps:
      1. Download up a Liferay 6.2 EE SP14 Liferay bundle
      2. In your portal-ext.properties file, make sure that this property is not set to "true":
      3. In your hosts file, set up the following entries:
      your-ip-address sub.test.com
      your-ip-address test.com
      4. Start your Liferay server and log on as administrator
      5. Click on Site Administration - Site Settings - Site URL and set the virtual host as test.com
      6. Create a new site and set up it's virtual host as sub.test.com
      7. Log out, clear the cookies and log in to this site: http://test.com:8080/
      8. Once logged in, try to log in to: http://sub.test.com:8080/
      Expected Results:
      It should be possible to log on without re-typing the password
      Actual Results:
      The password is required to log in




            support-lep@liferay.com SE Support
            peter.petrekanics Peter Petrekanics (Inactive)
            0 Vote for this issue
            1 Start watching this issue




                Version Package