e6c992a5 by Ean Schuessler

Merge branch 'BF-8700' into 'master'

#8700: Switch the authToken processing to look at the cookie, and not the request parameters

See merge request !3
2 parents 4be4d1f9 9d180d57
...@@ -410,7 +410,16 @@ public class DirectControlServlet extends HttpServlet { ...@@ -410,7 +410,16 @@ public class DirectControlServlet extends HttpServlet {
410 410
411 // If the sessionId parameter is set, attempt to look up the corresponding 411 // If the sessionId parameter is set, attempt to look up the corresponding
412 // UserLogin and apply it to the service context 412 // UserLogin and apply it to the service context
413 String authToken = request.getParameter("sessionId"); 413 Cookie[] requestCookies = request.getCookies();
414 String authToken = null;
415 if (requestCookies != null) {
416 for (Cookie requestCookie: requestCookies) {
417 if (requestCookie.getName().equals(sessionTokenName)) {
418 authToken = requestCookie.getValue();
419 }
420 }
421 }
422 //String authToken = request.getParameter("sessionId");
414 if (authToken != null) { 423 if (authToken != null) {
415 GenericValue authTokenEntity = EntityUtil.getFirst( 424 GenericValue authTokenEntity = EntityUtil.getFirst(
416 EntityUtil.filterByDate( 425 EntityUtil.filterByDate(
......