Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-15153

Language cookie is not using configured cookiepath

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 8.4
    • Fix Version/s: None
    • Component/s: Old Core
    • Labels:
      None
    • Environment:
      XWiki 10.2 on Ubuntu 16.04.4 LTS with Standard Flavor installed
    • Difficulty:
      Easy
    • Similar issues:

      Description

      When using multilingual mode the language cookie gets set with cookiepath "/".
      If you have XWiki together with other services under one hostname/domain this can create trouble, as these other services might read this cookie to and get a value, which isn't appropriate or desired.

      In the current stable release (10.2) this has to be adjusted in
      https://github.com/xwiki/xwiki-platform/blob/stable-10.2.x/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/XWiki.java
      at lines
      2689, 2696, 2938, 2959, 3040, 3065

      Either `context.getWiki().Param("xwiki.authentication.cookiepath")`, a new setting explicitely for the language-cookie (e.g. `xwiki.language.cookiepath`) or a general setting (e.g `xwiki.cookiepath`) should be used.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              koelle Kevin Köllmann
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: