CDA: failure when accessing CDA if already logged in, and using double cookies (#2382) · Issues · LemonLDAP NG / lemonldap-ng

CDA: failure when accessing CDA if already logged in, and using double cookies

Concerned version

Version: 2.0.9

Summary

Configure a http:// CDA vhost
set double cookies (http + https)
Login to portal
Try to access http:// CDA vhost
Access fails with 403 error

Logs

CDA request with id XXX
Get CDA session XXX
CDA request for id XXX is not valid

Tracked down to :

            $cdaInfos->{cookie_value} =
              $req->{sessionInfo}->{_httpSession};
            $cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";

Unfortunately, when the user is already logger on the portal, _httpSession is not defined.

Possible fixes

We should store _httpSession in the database instead of only setting it during the connection