Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 6.1.1 CE GA2, 6.1.20 EE GA2
-
Component/s: Authentication
-
Labels:None
-
Environment:Windows, Linux, JBoss
-
Branch Version/s:6.1.x
-
Backported to Branch:Committed
-
Fix Priority:5
-
Similar Issues:
Description
We have 2 Liferay instances on our server.
Both of them are reachable via their own subdomain.
Instance 1: de.sample.com
Instance 2: test.sample.com
We have the problem, that Liferay cookies aren't saved with fully qualified domain name, but they are saved such as "sample.com" instead of "de.sample.com".
We do not want cookie sharing across domains.
Instances should be completely independent from each other.
We've located this problem:
In class portal-impl/src/com/liferay/portal/util/CookieKeys their is a method, called getDomain(String host), which cuts off everything before the first ".":
public static String getDomain(String host) {
// See LEP-4602 and LEP-4645.
if (host == null)
// See
if (Validator.isIPAddress(host)) { return host; }
int x = host.lastIndexOf(StringPool.PERIOD);
if (x <= 0) { return null; }
int y = host.lastIndexOf(StringPool.PERIOD, x - 1);
if (y <= 0)
{ return StringPool.PERIOD + host; } int z = host.lastIndexOf(StringPool.PERIOD, y - 1);
String domain = null;
if (z <= 0)
else
{ domain = host.substring(z); } return domain;
}
Is there a way to disable this "feature"?
Issue verified in 6.1.1 and 6.2.x.