Hi Folks,
as documented the secureportaladdon is/should be incompatible with the remember-me functionality already given by spring/default b2baccelerator:
https://help.sap.com/viewer/4c33bf189ab9409e84e589295c36d96e/1905/en-US/8aeddd34866910149de2d448ff18...
we did not disabled the remember-me as recommended (as we did't read it before), but having no login-issues.
see: https://answers.sap.com/questions/12759972/is-remember-me-functionality-supported-in-hybris-6.html
So, it's about 5years minimum since the "addon is not fully compatible to remember-me" - is it still true ?
We want to use the remember-me token, but were thrown out to login-page because the class
de.hybris.platform.secureportaladdon.services.impl.SecureUserService
tries to get the session, which fails (but GUID and new Session are present):
public boolean isAnonymousUser(final UserModel user)
{
final ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
final HttpSession session = attr.getRequest().getSession(false);
final CMSSiteModel site = getCmsSiteService().getCurrentSite();
boolean isUserAnonymous = user == null || super.isAnonymousUser(user);
if (session == null
|| (site.isRequiresAuthentication() && ((String) session.getAttribute(SECURE_GUID_SESSION_KEY) == null)))
{
isUserAnonymous = true;
}
return isUserAnonymous;
}
It returns "true" (user is anonymous) because the session is null (which normally never can happen) and not because the user is "really" anonymous. The GUID-Cookie is still set and works, Login succeeds at all.
So it SHOULD work, but returning on LoginPage, because of this above.
Long story short: is it possible to have remember-be working when using secureportaladdon / or WHY not ?
Regards,
Kai
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.