This is an automated email from the ASF dual-hosted git repository. mbrohl pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new ffcd8f3 Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)
ffcd8f3 is described below
commit ffcd8f34fc39db979e4ba6ec455b4dc165276632
Author: Ingo Könemann <ingo.koenem...@ecomify.de>
AuthorDate: Wed Feb 3 09:19:12 2021 +0100
Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047)
Added removal of the _PREVIOUS_REQUEST_ attribute when requesting non-authenticated sites and moved targetRequestUri handling to a accommodate this change
---
 .../apache/ofbiz/webapp/control/RequestHandler.java | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 3bf5632..6b2c08a 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -383,13 +383,6 @@ public final class RequestHandler {
 // Grab data from request object to process
 String defaultRequestUri = RequestHandler.getRequestUri(request.getPathInfo());
- if (request.getAttribute("targetRequestUri") == null) {
- if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
- request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
- } else {
- request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
- }
- }
 String requestMissingErrorMessage = "Unknown request [" + defaultRequestUri
@@ -636,6 +629,17 @@ public final class RequestHandler {
 requestMap = ccfg.getRequestMapMap().get("ajaxCheckLogin");
 }
 }
+ } else {
+ // Remove previous request attribute on navigation to non-authenticated request
+ request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+ }
+
+ if (request.getAttribute("targetRequestUri") == null) {
+ if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
+ request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
+ } else {
+ request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
+ }
 }
 // after security check but before running the event, see if a post-login redirect has completed and we have data from the pre-login
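Review bot: Nothing in the added `else` branch limits which non-authenticated requests clear `_PREVIOUS_REQUEST_`, so any of them wipes a pending post-login target. If the login form's own submit target, or background requests such as AJAX calls and public resources, go through request maps that do not require authentication (not visible in this hunk), the stored URI is gone before the post-login redirect logic mentioned in the trailing comment can read it. The user would then land on the default page instead of the one originally requested. Please cover the login round trip with a test, and record the intent in the comment, e.g. `// Deliberately drops the pending post-login target; requests that are part of the login flow must not reach this branch`. The enclosing method and the `if` that this `else` pairs with lie outside the hunk, so the branch condition is inferred from the commit description.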