Switch the authToken processing to look at the cookie, and not the

request parameters. Refs: #8700

Switch the authToken processing to look at the cookie, and not the
request parameters. Refs: #8700
Adam Heath
Showing 1 changed file with 10 additions and 1 deletions
src/com/brainfood/ofbiz/DirectControlServlet.java
--- a/src/com/brainfood/ofbiz/DirectControlServlet.java
View file @9d180d5
+++ b/src/com/brainfood/ofbiz/DirectControlServlet.java
View file @9d180d5
@@ -410,7 +410,16 @@ public class DirectControlServlet extends HttpServlet {

            // If the sessionId parameter is set, attempt to look up the corresponding
            // UserLogin and apply it to the service context
-            String authToken = request.getParameter("sessionId");
+            Cookie[] requestCookies = request.getCookies();
+            String authToken = null;
+            if (requestCookies != null) {
+                for (Cookie requestCookie: requestCookies) {
+                    if (requestCookie.getName().equals(sessionTokenName)) {
+                        authToken = requestCookie.getValue();
+                    }
+                }
+            }
+            //String authToken = request.getParameter("sessionId");
            if (authToken != null) {
                GenericValue authTokenEntity = EntityUtil.getFirst(
                    EntityUtil.filterByDate(