Merge branch 'BF-8700' into 'master'

#8700: Switch the authToken processing to look at the cookie, and not the request parameters See merge request !3

Merge branch 'BF-8700' into 'master'
#8700: Switch the authToken processing to look at the cookie, and not the request parameters See merge request !3
Ean Schuessler
Showing 1 changed file with 10 additions and 1 deletions
src/com/brainfood/ofbiz/DirectControlServlet.java
--- a/src/com/brainfood/ofbiz/DirectControlServlet.java
View file @e6c992a
+++ b/src/com/brainfood/ofbiz/DirectControlServlet.java
View file @e6c992a
@@ -410,7 +410,16 @@ public class DirectControlServlet extends HttpServlet {

            // If the sessionId parameter is set, attempt to look up the corresponding
            // UserLogin and apply it to the service context
-            String authToken = request.getParameter("sessionId");
+            Cookie[] requestCookies = request.getCookies();
+            String authToken = null;
+            if (requestCookies != null) {
+                for (Cookie requestCookie: requestCookies) {
+                    if (requestCookie.getName().equals(sessionTokenName)) {
+                        authToken = requestCookie.getValue();
+                    }
+                }
+            }
+            //String authToken = request.getParameter("sessionId");
            if (authToken != null) {
                GenericValue authTokenEntity = EntityUtil.getFirst(
                    EntityUtil.filterByDate(