Details

    • Type: Story
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.3
    • Component/s: None
    • Labels:
      None

      Description

      Hi,

      I was thinking we wanted to deprecate the is_logged_in cookie. Now it seems it is enforced, but I just had a brief look.

      I am really wondering why we really need it. What is the story behind it? Isn't the Session cookie just enough? And if we want to evaluate between personalised and not personalised, we just check for the existence of a session.

      [ec2-user@localhost 5.2]$ grep -R  -i 'is_logged_in' vendor/ezsystems/
      vendor/ezsystems/ezpublish-kernel/doc/specifications/cache/context_aware_http_cache.md:        if (req.http.Cookie !~ "is_logged_in=" ) {
      vendor/ezsystems/ezpublish-kernel/doc/specifications/cache/context_aware_http_cache.md:            # User don't have "is_logged_in" cookie => Set a hardcoded anonymous hash
      vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/REST/Server/Output/ValueObjectVisitor/UserSession.php:        $visitor->setHeader( 'Set-Cookie', 'is_logged_in=true; path=/' );
      vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LegacyListener.php:        if ( $request->cookies->has( 'is_logged_in' ) && $request->cookies->get( 'is_logged_in' ) === 'true' )
      vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php: * In this case we need to properly remove the is_logged_in cookie and the user id stored in session.
      vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php:        if ( !$e->getAuthenticationToken()->isAuthenticated() && $request->cookies->has( 'is_logged_in' ) )
      vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php:     * Removes is_logged_in cookie if needed.
      vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/MVC/Legacy/Security/Firewall/LoginCleanupListener.php:            $e->getResponse()->headers->clearCookie( 'is_logged_in' );
      vendor/ezsystems/ezpublish-kernel/eZ/Bundle/EzPublishCoreBundle/Tests/KernelTest.php:        $request->cookies->set( 'is_logged_in', 'true' );
      vendor/ezsystems/ezpublish-kernel/eZ/Bundle/EzPublishCoreBundle/Tests/KernelTest.php:        $request->cookies->set( 'is_logged_in', 'true' );
      vendor/ezsystems/ezpublish-kernel/eZ/Bundle/EzPublishCoreBundle/Kernel.php:        if ( !$request->cookies->has( 'is_logged_in' ) )
      

        Activity

        André Rømcke added a comment -

        Fixed in new stack, but legacy stack still needs this for certain things so not removed before legacy is out.


          People

          • Assignee:
            Unassigned
            Reporter:
            Björn Dieding@xrow.de
          • Votes:
            0
            Watchers:
            1

            Dates

            • Created:
              Updated:
              Resolved: