[
https://issues.apache.org/jira/browse/OFBIZ-6111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15076494#comment-15076494
]
Scott Gray commented on OFBIZ-6111:
-----------------------------------
Looks like the issue is caused by a dropped session. A new session is created
when the logout occurs and the user is redirected to the main page. Because
the redirect switches the user from https to http, the JSESSIONID is included
in the URL of the redirect and isn't set as a cookie (I'm not sure why). I
think the session id inclusion in the URL is preventing the session id from
being sent as a cookie in the subsequent response of the redirect.
So after this point, when the user submits the add to cart form, there's no
session id passed in the request via URL or by cookie and hence a new session
is created. The "main" view was saved as the _SAVED_VIEW_NAME_ session
attribute but that was lost when the additional session was created, so the
request handler defaults back to the default view of "viewCart".
Something like that anyway. It could possibly be a Tomcat bug given that any
of the following would solve the problem:
1. Tomcat could set the session cookie during the redirect response
2. Tomcat could set the session cookie in the subsequent response
Unless I'm missing something.
> Strange Behaviour of the eCommerce Login Link
> ---------------------------------------------
>
> Key: OFBIZ-6111
> URL: https://issues.apache.org/jira/browse/OFBIZ-6111
> Project: OFBiz
> Issue Type: Bug
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 12.04, Release Branch 13.07, Trunk
> Reporter: Forrest Rae
> Assignee: Arun Patidar
> Priority: Trivial
> Attachments: OFBIZ-6111.patch, OFBIZ-6111.patch
>
>
> I've noticed some strange behaviour with the Login link in the eCommerce
> application. If you're visit the Login link from "main", you're redirected
> back to the Login view even after logging in:
> 1) Visit http://demo-stable-ofbiz.apache.org/ecommerce/control/main
> 2) Click "Login" in the upper left
> 3) Login as "DemoCustomer" with a password of "ofbiz"
> 4) Notice that you're at a new URL, logged in, but the login form is redrawn.
> Compare this with how it's supposed to work:
> 1) Logout
> 2) Visit http://demo-stable-ofbiz.apache.org/ecommerce/tiny-gismo-GZ-1000-p
> 3) Click "Login" in the upper left
> 4) Login as "DemoCustomer" with a password of "ofbiz"
> 5) Notice that you're at a new URL, but the product page is redrawn correctly.
> It's just really strange behaviour, quite hard to track down, and I can't
> really find a root cause.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
