Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Sathya E
Significance of LOGIN cookie
September 27, 2013 3:44 AM
Answer

Sathya E

Rank: New Member

Posts: 23

Join Date: March 31, 2009

Recent Posts

The LOGIN cookie is getting set to the response after successful authentication of a user. And Liferay stores the userid encoded in that cookie (which can easily decoded using any decoder). I would like to know the impact of removing / modifying this cookie ?

Comments are welcome.

Thanks
Sathya
David H Nebinger
RE: Significance of LOGIN cookie
September 27, 2013 6:22 AM
Answer

David H Nebinger

Community Moderator

Rank: Liferay Legend

Posts: 9496

Join Date: September 1, 2006

Recent Posts

You can disable the cookie in portal-ext.properties. You should not change anything that is used by Liferay unless you are willing to dig into all of the code and modify to match the changes you're doing.

Long story short, having a cookie w/ user id doesn't give you a whole heck of a lot. Basically it's used to pre-populate the user name on the login form. Doesn't give you any access, doesn't violate authentication or authorization, etc.

So it's really nothing that you should worry about.
Sathya E
RE: Significance of LOGIN cookie
September 27, 2013 6:49 AM
Answer

Sathya E

Rank: New Member

Posts: 23

Join Date: March 31, 2009

Recent Posts

Thanks David.

Can you give me the property name to be added in portal-ext.properties to disable this.
Sathya E
RE: Significance of LOGIN cookie
September 27, 2013 7:12 AM
Answer

Sathya E

Rank: New Member

Posts: 23

Join Date: March 31, 2009

Recent Posts

The below property should disable the cookies being set for auto-login process. Please confirm if this is right.

session.enable.persistent.cookies=false