(ofbiz-framework) branch release24.09 updated: Fixed: Set secure flag for cookies in TrackingCodeEvents, ShoppingListEvents, and LoginWorker

Wed, 27 May 2026 11:04:10 -0700 

This is an automated email from the ASF dual-hosted git repository.

jacopoc pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release24.09 by this push:
     new a049ec2105 Fixed: Set secure flag for cookies in TrackingCodeEvents, 
ShoppingListEvents, and LoginWorker
a049ec2105 is described below

commit a049ec210599da0dea8b9ebd94132fb7498abebc
Author: Jacopo Cappellato <[email protected]>
AuthorDate: Wed May 27 18:43:47 2026 +0200

    Fixed: Set secure flag for cookies in TrackingCodeEvents, 
ShoppingListEvents, and LoginWorker
    
    (cherry picked from commit 27b58a914e90bdcfd90dfb7dd4f5248ab6d0c2cb)
---
 .../java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java     | 1 +
 .../java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java     | 1 +
 .../src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java       | 1 +
 3 files changed, 3 insertions(+)

diff --git 
a/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
 
b/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
index 5e1819004c..278e39059c 100644
--- 
a/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
+++ 
b/applications/marketing/src/main/java/org/apache/ofbiz/marketing/tracking/TrackingCodeEvents.java
@@ -475,6 +475,7 @@ public class TrackingCodeEvents {
             for (Cookie cookie : cookies) {
                 if (cookie.getName().endsWith("_ACCESS")) {
                     cookie.setMaxAge(0);
+                    cookie.setSecure(true);
                     response.addCookie(cookie);
                 }
             }
diff --git 
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
 
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
index 94cdc374c3..660b6dcd20 100644
--- 
a/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
+++ 
b/applications/order/src/main/java/org/apache/ofbiz/order/shoppinglist/ShoppingListEvents.java
@@ -766,6 +766,7 @@ public class ShoppingListEvents {
         Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, 
null);
         guestShoppingListCookie.setMaxAge(0);
         guestShoppingListCookie.setPath("/");
+        guestShoppingListCookie.setSecure(true);
         response.addCookie(guestShoppingListCookie);
         return "success";
     }
diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
index c85e39fe60..f139f10b45 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -1172,6 +1172,7 @@ public final class LoginWorker {
             autoLoginCookie.setMaxAge(0);
             
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", 
"cookie.domain", delegator));
             autoLoginCookie.setPath("root".equals(applicationName) ? "/" : 
request.getContextPath());
+            autoLoginCookie.setSecure(true);
             response.addCookie(autoLoginCookie);
         }
         // remove the session attributes

Reply via email to