Significance of LOGIN cookie

Fórumok

Sathya E, módosítva 10 év-val korábban

Significance of LOGIN cookie

New Member Bejegyzések: 22 Csatlakozás dátuma: 2009.03.31. Legújabb bejegyzések

The LOGIN cookie is getting set to the response after successful authentication of a user. And Liferay stores the userid encoded in that cookie (which can easily decoded using any decoder). I would like to know the impact of removing / modifying this cookie ?

Comments are welcome.

Thanks
Sathya

David H Nebinger, módosítva 10 év-val korábban

RE: Significance of LOGIN cookie

Liferay Legend Bejegyzések: 14915 Csatlakozás dátuma: 2006.09.02. Legújabb bejegyzések

You can disable the cookie in portal-ext.properties. You should not change anything that is used by Liferay unless you are willing to dig into all of the code and modify to match the changes you're doing.

Long story short, having a cookie w/ user id doesn't give you a whole heck of a lot. Basically it's used to pre-populate the user name on the login form. Doesn't give you any access, doesn't violate authentication or authorization, etc.

So it's really nothing that you should worry about.

Sathya E, módosítva 10 év-val korábban

RE: Significance of LOGIN cookie

New Member Bejegyzések: 22 Csatlakozás dátuma: 2009.03.31. Legújabb bejegyzések

Thanks David.

Can you give me the property name to be added in portal-ext.properties to disable this.

Sathya E, módosítva 10 év-val korábban

RE: Significance of LOGIN cookie

New Member Bejegyzések: 22 Csatlakozás dátuma: 2009.03.31. Legújabb bejegyzések

The below property should disable the cookies being set for auto-login process. Please confirm if this is right.

session.enable.persistent.cookies=false