diff --git a/ChangeLog b/ChangeLog
index bf7c318d7..2bb4208cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2009-09-13 Wolfgang Sourdeau
+
+ * UI/WebServerResources/SOGoRootPage.js (onLoginClick): avoid
+ setting an empty string as value to "document.cookie" since this
+ will actually create a cookie.
+
+ * UI/MainUI/SOGoUserHomePage.m (-logoffAction): fixed a typo in
+ the "cache-control" header.
+
+ * Main/SOGo.m (-sessionIDFromRequest:): overriden method that
+ returns nil to avoid any session cookie to be set by SOPE.
+
 2009-09-11 Cyril Robert * UI/Contacts/UIxContactFoldersView.m (allContactSearchAction): Added
diff --git a/Main/SOGo.m b/Main/SOGo.m
index 3e47ce0b9..160ec82e5 100644
--- a/Main/SOGo.m
+++ b/Main/SOGo.m
@@ -461,6 +461,11 @@ static BOOL debugObjectAllocation = NO;
 /* session management */
+- (NSString *) sessionIDFromRequest: (WORequest *) _rq
+{
+ return nil;
+}
+
 - (id) createSessionForRequest: (WORequest *) _request
 {
 [self warnWithFormat: @"session creation requested!"];
diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m
index 4c50706a0..e91c770f4 100644
--- a/UI/MainUI/SOGoRootPage.m
+++ b/UI/MainUI/SOGoRootPage.m
@@ -89,6 +89,8 @@ static NSArray *supportedLanguages = nil;
 authCookie = [WOCookie cookieWithName: [auth cookieNameInContext: context] value: cookieValue];
 [authCookie setPath: @"/"];
+ /* enable this when we have code to determine whether request is HTTPS:
+ [authCookie setIsSecure: YES]; */
 [response addCookie: authCookie];
 if (language && [supportedLanguages containsObject: language])
diff --git a/UI/MainUI/SOGoUserHomePage.m b/UI/MainUI/SOGoUserHomePage.m
index 4ec067cce..7d895f461 100644
--- a/UI/MainUI/SOGoUserHomePage.m
+++ b/UI/MainUI/SOGoUserHomePage.m
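Review bot: The new `-sessionIDFromRequest:` override in Main/SOGo.m returns nil with no comment, so a later reader cannot tell that ignoring the request is deliberate. The ChangeLog entry gives the reason, and I would put it on the method itself: `/* always nil, so that SOPE never sets a session cookie; see -createSessionForRequest: below */`. It is also worth confirming that every request path tolerates a nil session ID, since the neighbouring `-createSessionForRequest:` only shows a warning log in the visible lines and its body continues outside the hunk.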
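Review bot: The authentication cookie in UI/MainUI/SOGoRootPage.m is still added to the response without the Secure attribute, because the only new lines are a commented-out `[authCookie setIsSecure: YES];`. On a deployment served over HTTPS the browser will therefore also attach this cookie to any plain-HTTP request for the same host, where it is readable on the network. Rather than leave the call disabled until the scheme can be detected, I would make it conditional on a deployment setting (TLS is often terminated at a front-end proxy, so the request alone may never show HTTPS) and word the placeholder as a tracked item: `/* TODO: set Secure once we know the site is served over HTTPS (request scheme or deployment setting) */`. Nothing in the hunk restricts script access to the cookie either, so an HttpOnly attribute is worth checking at the same time. The enclosing method starts and ends outside the hunk.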
@@ -290,7 +290,7 @@ static NSString *LDAPContactInfoAttribute = nil;
 cookieName = [auth cookieNameInContext: context];
 else cookieName = nil;
- if (cookieName)
+ if ([cookieName length])
 {
 cookie = [WOCookie cookieWithName: cookieName value: @"discard"];
 [cookie setPath: @"/"];
@@ -299,7 +299,7 @@ static NSString *LDAPContactInfoAttribute = nil;
 }
 [response setHeader: [date rfc822DateString] forKey: @"Last-Modified"];
- [response setHeader: @"no-store, no-cache, must-revalidate."
+ [response setHeader: @"no-store, no-cache, must-revalidate,"
 @" max-age=0, post-check=0, pre-check=0" forKey: @"Cache-Control"];
 [response setHeader: @"no-cache" forKey: @"Pragma"];
diff --git a/UI/WebServerResources/SOGoRootPage.js b/UI/WebServerResources/SOGoRootPage.js
index 88382db04..7960a3fe0 100644
--- a/UI/WebServerResources/SOGoRootPage.js
+++ b/UI/WebServerResources/SOGoRootPage.js
@@ -3,8 +3,9 @@ function initLogin() {
 var date = new Date();
 date.setTime(date.getTime() - 86400000);
- document.cookie = ("0xHIGHFLYxSOGo=discard; path=/"
- + "; expires=" + date.toGMTString());
+ document.cookie = ("0xHIGHFLYxSOGo=discarded"
+ + "; expires=" + date.toGMTString()
+ + "; path=/");
 var about = $("about");
 if (about) {
@@ -48,7 +49,9 @@ function onLoginClick(event) {
 "&password=" + encodeURIComponent(password);
 if (language) parameters += (language.value == "WONoSelectionString")?"":("&language=" + language.value);
- document.cookie = "";
+ /// Discarded as it seems to create a cookie for nothing. To discard
+ // a cookie in JS, have a look here: http://www.quirksmode.org/js/cookies.html
+ // document.cookie = "";
 triggerAjaxRequest(url, onLoginCallback, null, (parameters), { "Content-type": "application/x-www-form-urlencoded", "Content-length": parameters.length,
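Review bot: The cookie name `0xHIGHFLYxSOGo` is hard-coded in `initLogin()` in UI/WebServerResources/SOGoRootPage.js, while the server code in this same commit obtains the name from `[auth cookieNameInContext: context]`. If the two ever differ, this client-side expiry will not touch the real authentication cookie and a stale one stays in the browser while the login page is shown. I would have the page pass the name to the script, or at minimum add `// must match the name returned by cookieNameInContext: on the server`. Separately, `toGMTString()` is deprecated and `toUTCString()` produces the same date format.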
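Review bot: In `onLoginClick()` the removed assignment survives as a commented-out line under a comment that opens with `///`, which leaves dead code in the login path. Deleting the line and keeping one comment, `// do not assign "" to document.cookie: that creates an empty cookie`, says the same thing more clearly. In the unchanged context just above, `language.value` is appended to `parameters` without `encodeURIComponent()` although the password is encoded, which looks worth aligning in a follow-up. The function starts and ends outside the hunk.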