cancel
Showing results for 
Search instead for 
Did you mean: 

secureportaladdon and remember-me Service - still incompatible ? (y 1905+)

kneuhaus
Explorer
149

Hi Folks,

as documented the secureportaladdon is/should be incompatible with the remember-me functionality already given by spring/default b2baccelerator:

https://help.sap.com/viewer/4c33bf189ab9409e84e589295c36d96e/1905/en-US/8aeddd34866910149de2d448ff18...


we did not disabled the remember-me as recommended (as we did't read it before), but having no login-issues.
see: https://answers.sap.com/questions/12759972/is-remember-me-functionality-supported-in-hybris-6.html

So, it's about 5years minimum since the "addon is not fully compatible to remember-me" - is it still true ?
We want to use the remember-me token, but were thrown out to login-page because the class

de.hybris.platform.secureportaladdon.services.impl.SecureUserService

tries to get the session, which fails (but GUID and new Session are present):

public boolean isAnonymousUser(final UserModel user)
{
   final ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
   final HttpSession session = attr.getRequest().getSession(false);
   final CMSSiteModel site = getCmsSiteService().getCurrentSite();

   boolean isUserAnonymous = user == null || super.isAnonymousUser(user);
   if (session == null
         || (site.isRequiresAuthentication() && ((String) session.getAttribute(SECURE_GUID_SESSION_KEY) == null)))
   {
      isUserAnonymous = true;
   }
   return isUserAnonymous;
}

It returns "true" (user is anonymous) because the session is null (which normally never can happen) and not because the user is "really" anonymous. The GUID-Cookie is still set and works, Login succeeds at all.

So it SHOULD work, but returning on LoginPage, because of this above.

Long story short: is it possible to have remember-be working when using secureportaladdon / or WHY not ?


Regards,

Kai

Accepted Solutions (0)

Answers (0)