This is an automated email from the ASF dual-hosted git repository.
jacopoc pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 27b58a914e Fixed: Set secure flag for cookies in TrackingCodeEvents,
ShoppingListEvents, and LoginWorker
27b58a914e is described below
commit 27b58a914e90bdcfd90dfb7dd4f5248ab6d0c2cb
Author: Jacopo Cappellato <[email protected]>
AuthorDate: Wed May 27 18:43:47 2026 +0200
Fixed: Set secure flag for cookies in TrackingCodeEvents,
ShoppingListEvents, and LoginWorker
---
.../java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java | 1 +
.../java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java | 1 +
.../src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java | 1 +
3 files changed, 3 insertions(+)
diff --git
a/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
b/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
index 58cd31b407..073d42404e 100644
---
a/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
+++
b/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
@@ -475,6 +475,7 @@ public class TrackingCodeEvents {
for (Cookie cookie : cookies) {
if (cookie.getName().endsWith("_ACCESS")) {
cookie.setMaxAge(0);
+ cookie.setSecure(true);
response.addCookie(cookie);
}
}
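Review bot: `cookie.setSecure(true)` on a cookie that is being expired means the removal is only honoured on HTTPS responses, because current browsers ignore a `Set-Cookie` that carries `Secure` when it arrives over plain HTTP; the same holds for the `setSecure(true)` lines added in ShoppingListEvents and LoginWorker. If any of these handlers can be reached over HTTP the cookie would silently survive, so I would state the assumption next to each call, e.g. `// Secure: browsers only accept this removal on an HTTPS response`. In this loop the `Cookie` objects appear to come from the request (the `cookies` array is assigned outside the hunk), so they carry no path or domain and still hold their value. Adding `cookie.setValue("");` and the path used when the `_ACCESS` cookie was created (not visible here) would keep the value out of the response and make the removal match the stored cookie. The enclosing method starts and ends outside the hunk.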
diff --git
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
index 04d9951773..f2a9410ea1 100644
---
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
+++
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
@@ -766,6 +766,7 @@ public class ShoppingListEvents {
Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName,
null);
guestShoppingListCookie.setMaxAge(0);
guestShoppingListCookie.setPath("/");
+ guestShoppingListCookie.setSecure(true);
response.addCookie(guestShoppingListCookie);
return "success";
}
diff --git
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
index 7155ab4ba4..e4678df426 100644
---
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
+++
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -1156,6 +1156,7 @@ public final class LoginWorker {
autoLoginCookie.setMaxAge(0);
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url",
"cookie.domain", delegator));
autoLoginCookie.setPath("root".equals(applicationName) ? "/" :
request.getContextPath());
+ autoLoginCookie.setSecure(true);
response.addCookie(autoLoginCookie);
}
// remove the session attributes
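Review bot: `autoLoginCookie.setSecure(true)` here marks only the cookie that expires the auto-login entry; the code that issues this cookie with its real value is not part of the diff, and that is where `Secure` and `HttpOnly` actually protect it. Please confirm the issuing path sets both attributes, and for consistent attributes on the removal add `autoLoginCookie.setHttpOnly(true);` next to the new line. The enclosing method begins before the hunk and continues after it.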