Details
Story
Resolution: Fixed
High
Description
Hi,
I was thinking we wanted to deprecate the is_logged_in cookie. Now it seems it is enforced, but I just had a brief look.
I am really wondering why we really need it. What is the story behind it? Isn't the Session cookie just enough? And if we want to evaluate between personalised and not personalised we just check for the existence of a session.
[ec2-user@localhost 5.2]$ grep -R -i 'is_logged_in' vendor/ezsystems/
vendor/ezsystems/ezpublish-kernel/doc/specifications/cache/context_aware_http_cache.md: if (req.http.Cookie !~ "is_logged_in=" ) {
vendor/ezsystems/ezpublish-kernel/doc/specifications/cache/context_aware_http_cache.md: # User don't have "is_logged_in" cookie => Set a hardcoded anonymous hash
vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/REST/Server/Output/ValueObjectVisitor/UserSession.php: $visitor->setHeader( 'Set-Cookie', 'is_logged_in=true; path=/' );
vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LegacyListener.php: if ( $request->cookies->has( 'is_logged_in' ) && $request->cookies->get( 'is_logged_in' ) === 'true' )
vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php: * In this case we need to properly remove the is_logged_in cookie and the user id stored in session.
vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php: if ( !$e->getAuthenticationToken()->isAuthenticated() && $request->cookies->has( 'is_logged_in' ) )
vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php: * Removes is_logged_in cookie if needed.
vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php: $e->getResponse()->headers->clearCookie( 'is_logged_in' );
vendor/ezsystems/ezpublish-kernel/eZ/Bundle/EzPublishCoreBundle/Tests/KernelTest.php: $request->cookies->set( 'is_logged_in', 'true' );
vendor/ezsystems/ezpublish-kernel/eZ/Bundle/EzPublishCoreBundle/Tests/KernelTest.php: $request->cookies->set( 'is_logged_in', 'true' );
vendor/ezsystems/ezpublish-kernel/eZ/Bundle/EzPublishCoreBundle/Kernel.php: if ( !$request->cookies->has( 'is_logged_in' ) )