Bug 129503 - redhat global cookie not set
Status: CLOSED CURRENTRELEASE
Product: Red Hat Network
Classification: Red Hat
Component: RHN/R&D
RHN Devel
All Linux
medium Severity medium
Assigned To: Chip Turner
Fanny Augustin
Blocks: rhnMilestone1
Reported: 2004-08-09 16:12 EDT by Ryan Bloom
Modified: 2007-04-18 13:10 EDT
Doc Type: Bug Fix
Last Closed: 2004-09-20 11:21:28 EDT
Description Ryan Bloom 2004-08-09 16:12:59 EDT
The www site and rhn have a single cookie that is set so that a logged
in user is logged into both sites.  The Java code is not yet setting
that cookie.
Comment 1 Ryan Bloom 2004-08-13 16:34:31 EDT
Assign to Chip.
Comment 2 Chip Turner 2004-09-07 14:10:31 EDT
This should be in, with the caveat that right now it doesn't respect
SSL since we have no way to work with SSL in the current development
environment.  Closing this bug, opening a bug regarding SSL.
Comment 3 Ryan Bloom 2004-09-14 12:46:33 EDT
There were comments made on this commit that have not been resolved yet.

 Modified: trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java
> ===================================================================
> --- trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java  
  2004-09-03 20:00:16 UTC (rev 1132)
> +++ trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java  
  2004-09-03 22:44:38 UTC (rev 1133)
> @@ -25,7 +25,7 @@
>      private long id;
>      private String value;
>      private long expires;
> -    private long webUserId;
> +    private Long webUserId;
>      private Map valueMap;
>      private User user;
>
> @@ -64,7 +64,7 @@
>       * Gets the current value of web_user_id
>       * @return long - the current value
>       */
> -    public long getWebUserId() {
> +    public Long getWebUserId() {
>          return webUserId;
>      }
>
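Review bot: the Javadoc above getWebUserId still reads "@return long - the current value" although the return type is now Long. Update the tag and state whether null can be returned and what it means, so callers know to check before calling longValue() on the result.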
> @@ -72,9 +72,11 @@
>       * Sets the value of web_user_id to new value
>       * @param idIn New value for id
>       */
> -    public void setWebUserId(long idIn) {
> +    public void setWebUserId(Long idIn) {
> +        if (idIn != null && idIn.longValue() == 0) {
> +            throw new RuntimeException("no such thing as user 0!");
> +        }
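Review bot: the guard added to setWebUserId rejects only the value 0; a null idIn passes straight through and negative ids are accepted, and the "@param idIn New value for id" text covers neither case. If null is meant to stand for "no user attached", document that in the Javadoc, and throw IllegalArgumentException with the offending value in the message instead of a bare RuntimeException so callers can tell bad input from an internal failure.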
                                                                     
Please, do not throw RuntimeException.
                                                                     
> Copied: trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java
(from rev 1129,
trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java)
> ===================================================================
> --- trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java   
  2004-09-03 13:45:32 UTC (rev 1129)
> +++ trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java     
  2004-09-03 22:44:38 UTC (rev 1133)
> @@ -0,0 +1,99 @@
> +/**
> + * Copyright (c) 2004 Red Hat, Inc.
> + * All Rights Reserved.
> + *
> + * This software is the confidential and proprietary information of
> + * Red Hat, Inc. ("Confidential Information").  You shall not
> + * disclose such Confidential Information and shall use it only in
> + * accordance with the terms of the license agreement you entered into
> + * with Red Hat.
> + */
> +package com.redhat.rhn.frontend.util;
> +
> +import com.redhat.rhn.common.conf.Config;
> +import com.redhat.rhn.common.security.SessionSwap;
> +import com.redhat.rhn.domain.session.Session;
> +import com.redhat.rhn.domain.session.SessionFactory;
> +import com.redhat.rhn.manager.session.SessionManager;
> +
> +import java.util.Date;
> +
> +import javax.servlet.http.Cookie;
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +import javax.servlet.http.HttpSession;
> +
> +/**
> + * LoginUtil
> + * @version $Rev$
> + */
> +public class LoginUtil {
> +    /** the name of the Red Hat auth token */
> +    public static final String AUTH_COOKIE_NAME = "rh_auth_token";
> +
> +    private LoginUtil() {
> +    }
> +
> +    /** utility function to retrieve a given user's session, or, if it
> +      * doesn't exist, create it */
> +
> +    public static Session findUserSession(HttpServletRequest request) {
> +        HttpSession session = request.getSession();
> +        Long sessionId = (Long)session.getAttribute("session_id");
> +
> +        Session s = null;
> +        long expirationTime = SessionManager.timeoutValue();
> +
> +        if (sessionId != null) {
> +            s = SessionFactory.lookupById(sessionId, null);
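Review bot: in findUserSession the unchecked cast (Long)session.getAttribute("session_id") will throw ClassCastException if anything other than a Long is ever stored under that key, and the key is a bare string literal while the cookie name a few lines up got its own constant. Suggest a named constant beside AUTH_COOKIE_NAME (for example SESSION_ID_ATTR, a suggested name) and an instanceof check before the cast. The comment block above the method is also detached from it by a blank line and has no @param or @return; it should say whether the method can return null.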
                                                                     
You didn't handle the null return here.  That means that this method can
easily return null, which will cause an NPE in other code.  Either don't
pass in anything, pass in an Exception, or handle the null case.

Comment 4 Chip Turner 2004-09-20 11:21:28 EDT
Looks like the first RuntimeException already was changed to an
IllegalArgumentException.

Also, the second issue is not an issue -- two lines later, a check to
see if 's' is null is performed (which can happen either if there is
no sessionId at all, or if the lookup failed and returned a null).
