Bug 129503

Summary: redhat global cookie not set
Product: [Retired] Red Hat Network
Component: RHN/R&D
Version: RHN Devel
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Ryan Bloom <rbb>
Assignee: Chip Turner <cturner>
QA Contact: Fanny Augustin <fmoquete>
Doc Type: Bug Fix
Last Closed: 2004-09-20 15:21:28 UTC
Bug Blocks: 125080

Description Ryan Bloom 2004-08-09 20:12:59 UTC
The www site and rhn have a single cookie that is set so that a logged
in user is logged into both sites.  The Java code is not yet setting
that cookie.

Comment 1 Ryan Bloom 2004-08-13 20:34:31 UTC
Assign to Chip.

Comment 2 Chip Turner 2004-09-07 18:10:31 UTC
This should be in, with the caveat that right now it doesn't respect
SSL since we have no way to work with SSL in the current development
environment.  Closing this bug, opening a bug regarding SSL.

Comment 3 Ryan Bloom 2004-09-14 16:46:33 UTC
There were comments made on this commit that have not been resolved yet.

 Modified: trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java
> ===================================================================
> --- trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java  
  2004-09-03 20:00:16 UTC (rev 1132)
> +++ trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java  
  2004-09-03 22:44:38 UTC (rev 1133)
> @@ -25,7 +25,7 @@
>      private long id;
>      private String value;
>      private long expires;
> -    private long webUserId;
> +    private Long webUserId;
>      private Map valueMap;
>      private User user;
>
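Review bot: With webUserId changed from long to Long, the field now starts out as null instead of 0, and nothing in this hunk says what null means. A one-line comment on the field stating what a null webUserId stands for (for example, a session with no user attached) would make the intent explicit for readers of the accessors below.
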
> @@ -64,7 +64,7 @@
>       * Gets the current value of web_user_id
>       * @return long - the current value
>       */
> -    public long getWebUserId() {
> +    public Long getWebUserId() {
>          return webUserId;
>      }
>
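Review bot: The Javadoc above getWebUserId() still reads "@return long - the current value" although the method now returns Long and can return null. Update the tag to say Long and state when null is returned, so callers know to check before calling longValue().
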
> @@ -72,9 +72,11 @@
>       * Sets the value of web_user_id to new value
>       * @param idIn New value for id
>       */
> -    public void setWebUserId(long idIn) {
> +    public void setWebUserId(Long idIn) {
> +        if (idIn != null && idIn.longValue() == 0) {
> +            throw new RuntimeException("no such thing as user 0!");
> +        }
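
Review bot: The Javadoc for setWebUserId(Long) does not mention either new behaviour: that null is accepted and that 0 is rejected with an exception. Add an @throws line for the zero case and say what passing null means. The guard also lets negative ids through, which is worth either rejecting or documenting.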
                
Please, do not throw RuntimeException.
                
> Copied: trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java
(from rev 1129,
trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java)
> ===================================================================
> --- trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java   
  2004-09-03 13:45:32 UTC (rev 1129)
> +++ trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java     
  2004-09-03 22:44:38 UTC (rev 1133)
> @@ -0,0 +1,99 @@
> +/**
> + * Copyright (c) 2004 Red Hat, Inc.
> + * All Rights Reserved.
> + *
> + * This software is the confidential and proprietary information of
> + * Red Hat, Inc. ("Confidential Information").  You shall not
> + * disclose such Confidential Information and shall use it only in
> + * accordance with the terms of the license agreement you entered into
> + * with Red Hat.
> + */
> +package com.redhat.rhn.frontend.util;
> +
> +import com.redhat.rhn.common.conf.Config;
> +import com.redhat.rhn.common.security.SessionSwap;
> +import com.redhat.rhn.domain.session.Session;
> +import com.redhat.rhn.domain.session.SessionFactory;
> +import com.redhat.rhn.manager.session.SessionManager;
> +
> +import java.util.Date;
> +
> +import javax.servlet.http.Cookie;
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +import javax.servlet.http.HttpSession;
> +
> +/**
> + * LoginUtil
> + * @version $Rev$
> + */
> +public class LoginUtil {
> +    /** the name of the Red Hat auth token */
> +    public static final String AUTH_COOKIE_NAME = "rh_auth_token";
> +
> +    private LoginUtil() {
> +    }
> +
> +    /** utility function to retrieve a given user's session, or, if it
> +      * doesn't exist, create it */
> +
> +    public static Session findUserSession(HttpServletRequest request) {
> +        HttpSession session = request.getSession();
> +        Long sessionId = (Long)session.getAttribute("session_id");
> +
> +        Session s = null;
> +        long expirationTime = SessionManager.timeoutValue();
> +
> +        if (sessionId != null) {
> +            s = SessionFactory.lookupById(sessionId, null);
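
Review bot: The attribute key in session.getAttribute("session_id") is a bare string literal, while the cookie name a few lines up got its own constant (AUTH_COOKIE_NAME). Give the key a named constant too, so the code that stores the attribute and this lookup cannot drift apart. The comment above findUserSession is also separated from the method by a blank line and has no @param or @return tags.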
                
You didn't handle the null return here.  That means that this method can
easily return null, which will cause an NPE in other code.  Either don't
pass in anything, pass in an Exception, or handle the null case.

Comment 4 Chip Turner 2004-09-20 15:21:28 UTC
Looks like the first RuntimeException already was changed to an
IllegalArgumentException.

Also, the second issue is not an issue -- two lines later, a check to
see if 's' is null is performed (which can happen either if there is
no sessionId at all, or if the lookup failed and returned a null).