Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-6037

JSP to forward Alfresco will create an additional jsessionid. The flash uploader does not get the correct jsessionid and fails to authenticate during an upload. This is due to the code that retrieves the jsessionid (YUI) overwriting the first jsessionid

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Resolution: Not a bug
    • Affects Version/s: 3.4.4
    • Fix Version/s: 3.4.11
    • Component/s: Share Application
    • Labels:
      None
    • Environment:
      Alfresco Version: 3.4.4
      Alfresco Mobile Version:
      Modules Version:
      OS: Other Linux
      App Server: Tomcat
      Database: MySQL
    • Bug Priority:
      Category 3

      Description

      1. Adding a tomcat/webapps/ROOT/index.jsp creates an additional jsessionid cookie within the browser.

      2. Any kind of forward will send you to the login page which also creates a jsessionid cookie. (Note now you have two jsessionid cookies one for "/" and one for "/share").

      3. Flash upload code relies on the jsessionid in order to authenticate with alfresco. See:
      url += ";jsessionid=" + YAHOO.util.Cookie.get("JSESSIONID") + "?lang=" + Alfresco.constants.JS_LOCALE;
      in method _uploadFromQueue function in flash-upload.js

      4. The YAHOO.util.Cookie.get() code incorrectly overwrites the jsessionid cookie for "/share" with "/". See _parseCookieString method in cookie-debug.js Essentially the code iterates over the keys in the cookie and pops them into an associative array, the second jsession id overwrites the first.

        Attachments

          Activity

            People

            • Assignee:
              closedissues Closed Issues
              Reporter:
              rpierce Ron Pierce
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: