Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-68614

The description of session.cookie.use.full.hostname key in portal.properties needs to be changed

    Details

    • Type: Bug
    • Status: Verified
    • Resolution: Unresolved
    • Affects Version/s: 6.2.10 EE GA1, 7.0.0 DXP SP2, 7.0.0 DXP FP89, 7.0.X, 7.1.10 DXP FP16, 7.1.X, 7.2.10 DXP FP4, 7.2.X, 7.3.0 CE GA1, 7.3.X, Master
    • Fix Version/s: None
    • Component/s: Application Security
    • Fix Priority:
      3

      Description

      Description:
      One of our customers reported that the following property's description needs to be changed:
      session.cookie.use.full.hostname

      The customer pointed out, that according to the property's description, setting it to "false" should allow cross domain logins.

      We might need to consider rewriting the property description to make it clear what exactly is needed for cross domain logins.
      During my tests I have found that cross domain login is only possible when making changes on the application server. The TS Team confirmed this finding, see: LPP-22780.

      Reproduction Steps:
      1. Download up a Liferay 6.2 EE SP14 Liferay bundle
      2. In your portal-ext.properties file, make sure that this property is not set to "true":
      session.cookie.use.full.hostname=false
      3. In your hosts file, set up the following entries:
      your-ip-address sub.test.com
      your-ip-address test.com
      4. Start your Liferay server and log on as administrator
      5. Click on Site Administration - Site Settings - Site URL and set the virtual host as test.com
      6. Create a new site and set up it's virtual host as sub.test.com
      7. Log out, clear the cookies and log in to this site: http://test.com:8080/
      8. Once logged in, try to log in to: http://sub.test.com:8080/
      Expected Results:
      It should be possible to log on without re-typing the password
      Actual Results:
      The password is required to log in

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            peter.petrekanics Peter Petrekanics
            Participants of an Issue:
            Recent user:
            Zsigmond Rab
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Days since last comment:
              39 weeks, 3 days ago

                Packages

                Version Package