Strip the hostname from the domain of the authentication cookie so that we

can see it from other servers in the same domain.


git-svn-id: https://samskivert.googlecode.com/svn/trunk@1263 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
mdb
2003-10-13 23:16:41 +00:00
parent b256bfe9b3
commit 73e2105272
@@ -1,5 +1,5 @@
//
// $Id: UserManager.java,v 1.20 2003/10/09 00:48:37 ray Exp $
// $Id: UserManager.java,v 1.21 2003/10/13 23:16:41 mdb Exp $
//
// samskivert library - useful routines for java programs
// Copyright (C) 2001 Michael Bayne
@@ -219,6 +219,7 @@ public class UserManager
* @param persist If true, the cookie will expire in one month, if
* false, the cookie will expire at the end of the user's browser
* session.
* @param req The request via which the login page was loaded.
* @param rsp The response in which the cookie is to be set.
* @param auth The authenticator used to check whether the user should
* be authenticated.
@@ -226,7 +227,8 @@ public class UserManager
* @return the user object of the authenticated user.
*/
public User login (String username, String password, boolean persist,
HttpServletResponse rsp, Authenticator auth)
HttpServletRequest req, HttpServletResponse rsp,
Authenticator auth)
throws PersistenceException, AuthenticationFailedException
{
// load up the requested user
@@ -242,6 +244,13 @@ public class UserManager
String authcode = _repository.createNewSession(user, persist);
// stick it into a cookie for their browsing convenience
Cookie acookie = new Cookie(USERAUTH_COOKIE, authcode);
// strip the hostname from the server and use that as the domain
String domain = req.getServerName();
int didx = domain.indexOf(".");
if (didx != -1) {
domain = domain.substring(0, didx);
}
acookie.setDomain(domain);
acookie.setPath("/");
// expire in one month if persistent, else at the end of the
// session