Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
8.4
-
None
-
XWiki 10.2 on Ubuntu 16.04.4 LTS with Standard Flavor installed
-
Easy
-
Description
When using multilingual mode the language cookie gets set with cookiepath "/".
If you have XWiki together with other services under one hostname/domain this can create trouble, as these other services might read this cookie to and get a value, which isn't appropriate or desired.
In the current stable release (10.2) this has to be adjusted in
https://github.com/xwiki/xwiki-platform/blob/stable-10.2.x/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/XWiki.java
at lines
2689, 2696, 2938, 2959, 3040, 3065
Either `context.getWiki().Param("xwiki.authentication.cookiepath")`, a new setting explicitely for the language-cookie (e.g. `xwiki.language.cookiepath`) or a general setting (e.g `xwiki.cookiepath`) should be used.
