Re: Secure persistence API access
Posted by
Erik Bruchez on
URL: https://discuss.orbeon.com/Secure-persistence-API-access-tp4659372p4659394.html
> Using the "oxf.http.forward-cookies" property doesn't seem to work for the persistence API
It seem that the persistence proxy doesn't follow that setting:
http://goo.gl/vT6LwVThis said, headers/cookies forwarding is tricky, and probably something to be discouraged.
On a first access with an initially non-existing session, for example, we cannot forward the JSESSIONID cookie. So we try to guess the cookie value, and this doesn't work with all containers.
> Interestingly, if you set oxf.http.forward-cookies to the empty string "" in properties-local.xml then it gets the default value of "JSESSIONID JSESSIONIDSSO", I had to set it to a random value, "xxx", to turn it off.
Thanks, this got fixed not long ago:
https://github.com/orbeon/orbeon-forms/commit/ced06531bb51a6d81f93625d40fb01c11ec9cbc8-Erik