CDA: failure when accessing CDA if already logged in, and using double cookies
Concerned version
Version: 2.0.9
Summary
- Configure a http:// CDA vhost
- set double cookies (http + https)
- Login to portal
- Try to access http:// CDA vhost
- Access fails with 403 error
Logs
CDA request with id XXX
Get CDA session XXX
CDA request for id XXX is not valid
Tracked down to :
$cdaInfos->{cookie_value} =
$req->{sessionInfo}->{_httpSession};
$cdaInfos->{cookie_name} = $self->{conf}->{cookieName} . "http";
Unfortunately, when the user is already logger on the portal, _httpSession
is not defined.
Possible fixes
We should store _httpSession
in the database instead of only setting it during the connection