e6c992a5 by Ean Schuessler

Merge branch 'BF-8700' into 'master'

#8700: Switch the authToken processing to look at the cookie, and not the request parameters

See merge request !3
2 parents 4be4d1f9 9d180d57
......@@ -410,7 +410,16 @@ public class DirectControlServlet extends HttpServlet {
// If the sessionId parameter is set, attempt to look up the corresponding
// UserLogin and apply it to the service context
String authToken = request.getParameter("sessionId");
Cookie[] requestCookies = request.getCookies();
String authToken = null;
if (requestCookies != null) {
for (Cookie requestCookie: requestCookies) {
if (requestCookie.getName().equals(sessionTokenName)) {
authToken = requestCookie.getValue();
}
}
}
//String authToken = request.getParameter("sessionId");
if (authToken != null) {
GenericValue authTokenEntity = EntityUtil.getFirst(
EntityUtil.filterByDate(
......