Index: lams_central/src/java/org/lamsfoundation/lams/web/EtherpadController.java
===================================================================
diff -u -r5648803ecd6be1b5c3e62d8a574bb1fd39661110 -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_central/src/java/org/lamsfoundation/lams/web/EtherpadController.java (.../EtherpadController.java) (revision 5648803ecd6be1b5c3e62d8a574bb1fd39661110)
+++ lams_central/src/java/org/lamsfoundation/lams/web/EtherpadController.java (.../EtherpadController.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -2,7 +2,6 @@
 import java.util.Map;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -59,8 +58,7 @@
 String authorId = etherpadService.createAuthor(user.getUserID(), userName);
 // create cookie with ALL valid user session IDs so there can be multiple pads on a single page
- Cookie cookie = etherpadService.createCookie(authorId, etherpadGroupId, true);
- response.addCookie(cookie);
+ etherpadService.createCookie(authorId, etherpadGroupId, true, response);
 return (String) padData.get("padId");
 }
Index: lams_common/src/java/org/lamsfoundation/lams/etherpad/service/EtherpadService.java
===================================================================
diff -u -r5648803ecd6be1b5c3e62d8a574bb1fd39661110 -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_common/src/java/org/lamsfoundation/lams/etherpad/service/EtherpadService.java (.../EtherpadService.java) (revision 5648803ecd6be1b5c3e62d8a574bb1fd39661110)
+++ lams_common/src/java/org/lamsfoundation/lams/etherpad/service/EtherpadService.java (.../EtherpadService.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -10,7 +10,7 @@
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
-import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringUtils;
 import org.lamsfoundation.lams.etherpad.EtherpadException;
@@ -85,7 +85,7 @@
 * Constructs cookie to be stored at a clientside browser.
 */
 @Override
- public Cookie createCookie(String etherpadSessionIds) throws EtherpadException {
+ public void createCookie(String etherpadSessionIds, HttpServletResponse response) throws EtherpadException {
 String etherpadServerUrl = Configuration.get(ConfigurationKeys.ETHERPAD_SERVER_URL);
 URI uri;
 try {
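Review bot: The Javadoc kept above this signature, "Constructs cookie to be stored at a clientside browser", no longer describes the method, which now returns nothing and writes to the `response` it is given. Suggested wording: `Writes the Etherpad sessionID cookie to the given response as a Set-Cookie header (Secure, SameSite=None).` together with a `@param response` line. The two identical comments on the `createCookie` overloads in IEtherpadService have the same problem. The method body continues past the end of this hunk.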
@@ -100,26 +100,25 @@
 Matcher m = p.matcher(uri.getHost());
 String topLevelDomain = m.matches() ? "." + m.group(1) : uri.getHost();
- Cookie etherpadSessionCookie = new Cookie("sessionID", etherpadSessionIds);
+ // cookie needs to be constructed manually so we can set SameSite=None
+ StringBuilder cookieHeaderValue = new StringBuilder("sessionID=\"").append(etherpadSessionIds)
+ .append("\"; Version 1; Path=/; Discard; Secure; SameSite=None;");
+
 if (!topLevelDomain.equals("localhost")) {
- etherpadSessionCookie.setDomain(topLevelDomain);
+ cookieHeaderValue.append("Domain=").append(topLevelDomain);
 }
- // A negative value means that the cookie is not stored persistently and will be deleted when the Web browser
- // exits. A zero value causes the cookie to be deleted.
- etherpadSessionCookie.setMaxAge(-1);
- etherpadSessionCookie.setPath("/");
- return etherpadSessionCookie;
+ response.setHeader("Set-Cookie", cookieHeaderValue.toString());
 }
 @Override
 @SuppressWarnings("unchecked")
- public Cookie createCookie(String authorId, String etherpadGroupId, boolean includeAllGroups)
- throws EtherpadException {
+ public void createCookie(String authorId, String etherpadGroupId, boolean includeAllGroups,
+ HttpServletResponse response) throws EtherpadException {
 // search for already existing user's session at Etherpad server
 Map etherpadSessions = getClient().listSessionsOfAuthor(authorId);
 String etherpadSessionId = getExistingSessionID(authorId, etherpadGroupId, etherpadSessions, includeAllGroups);
- return createCookie(etherpadSessionId);
+ createCookie(etherpadSessionId, response);
 }
 /**
Index: lams_common/src/java/org/lamsfoundation/lams/etherpad/service/IEtherpadService.java
===================================================================
diff -u -r5648803ecd6be1b5c3e62d8a574bb1fd39661110 -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_common/src/java/org/lamsfoundation/lams/etherpad/service/IEtherpadService.java (.../IEtherpadService.java) (revision
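Review bot: `response.setHeader("Set-Cookie", cookieHeaderValue.toString())` at the end of the first `createCookie` overwrites any `Set-Cookie` header already placed on the response, whereas the `addCookie` calls this commit removes from the controllers only added one; `response.addHeader("Set-Cookie", cookieHeaderValue.toString());` keeps the others (how cookies queued through `addCookie` are affected depends on the container). Building the header by hand also means nothing checks `etherpadSessionIds` or `topLevelDomain` before they are concatenated, so a `"`, `;`, CR or LF in either would change the structure of the header; both should be validated against the expected character set before appending. The attribute string has two smaller flaws: `Version 1` is missing its `=`, and `Domain=` is appended straight after `SameSite=None;` without a separating space. This method begins in the previous hunk and part of its body lies between the two hunks.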
5648803ecd6be1b5c3e62d8a574bb1fd39661110)
+++ lams_common/src/java/org/lamsfoundation/lams/etherpad/service/IEtherpadService.java (.../IEtherpadService.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -2,7 +2,7 @@
 import java.util.Map;
-import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
 import org.lamsfoundation.lams.etherpad.EtherpadException;
@@ -36,12 +36,13 @@
 /**
 * Constructs cookie to be stored at a client side browser.
 */
- Cookie createCookie(String etherpadSessionIds) throws EtherpadException;
+ void createCookie(String etherpadSessionIds, HttpServletResponse response) throws EtherpadException;
 /**
 * Constructs cookie to be stored at a client side browser.
 */
- Cookie createCookie(String authorId, String etherpadGroupId, boolean includeAllGroup) throws EtherpadException;
+ void createCookie(String authorId, String etherpadGroupId, boolean includeAllGroup, HttpServletResponse response)
+ throws EtherpadException;
 /**
 * Returns valid Etherpad session. Returns existing one if finds such one and creates the new one otherwise
Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java
===================================================================
diff -u -rb0f4135473a7c21793882bd4aa679e6033d14988 -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java (.../DokumaranService.java) (revision b0f4135473a7c21793882bd4aa679e6033d14988)
+++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java (.../DokumaranService.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -36,7 +36,7 @@
 import java.util.function.Function;
 import java.util.stream.Collectors;
-import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
@@ -947,8 +947,8 @@
 @SuppressWarnings("unchecked")
 @Override
- public Cookie createEtherpadCookieForLearner(DokumaranUser user, DokumaranSession session)
- throws DokumaranApplicationException, EtherpadException {
+ public void createEtherpadCookieForLearner(DokumaranUser user, DokumaranSession session,
+ HttpServletResponse response) throws DokumaranApplicationException, EtherpadException {
 String groupId = session.getEtherpadGroupId();
 //don't allow sessions that has had problems with pad initializations. they could be fixed in monitoring by a teacher
@@ -966,19 +966,20 @@
 // search for already existing user's session at Etherpad server
 Map etherpadSessions = client.listSessionsOfAuthor(authorId);
 String etherpadSessionId = etherpadService.getExistingSessionID(authorId, groupId, etherpadSessions);
- return etherpadService.createCookie(etherpadSessionId);
+ etherpadService.createCookie(etherpadSessionId, response);
 }
 @SuppressWarnings("unchecked")
 @Override
- public Cookie createEtherpadCookieForMonitor(UserDTO user, Long contentId) throws EtherpadException {
+ public void createEtherpadCookieForMonitor(UserDTO user, Long contentId, HttpServletResponse response)
+ throws EtherpadException {
 String authorId = etherpadService.createAuthor(user.getUserID(), user.getFirstName() + " " + user.getLastName());
 List sessionList = dokumaranSessionDao.getByContentId(contentId);
 if (sessionList.isEmpty()) {
- return null;
+ return;
 }
 // in case sharedPadId is present - all sessions will share the same padId - and thus show only one pad
@@ -1003,7 +1004,7 @@
 etherpadSessionIds += StringUtils.isEmpty(etherpadSessionIds) ? etherpadSessionId : "," + etherpadSessionId;
 }
- return etherpadService.createCookie(etherpadSessionIds);
+ etherpadService.createCookie(etherpadSessionIds, response);
 }
 @Override
Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java
===================================================================
diff -u -rb0f4135473a7c21793882bd4aa679e6033d14988 -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java (.../IDokumaranService.java) (revision b0f4135473a7c21793882bd4aa679e6033d14988)
+++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java (.../IDokumaranService.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -28,6 +28,7 @@
 import java.util.List;
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
 import org.lamsfoundation.lams.etherpad.EtherpadException;
 import org.lamsfoundation.lams.learningdesign.Grouping;
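Review bot: `import javax.servlet.http.Cookie;` stays in IDokumaranService while `HttpServletResponse` is added beside it, yet the next hunk of this file removes both `Cookie` return types from the interface. If no other member of the interface still refers to `Cookie` (the rest of the file is not visible here), the import is now unused and should be dropped, as was done in the other files touched by this commit.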
@@ -119,10 +120,11 @@
 List getPossibleIndividualTimeLimitUsers(long toolContentId, String searchString);
- Cookie createEtherpadCookieForLearner(DokumaranUser user, DokumaranSession session)
+ void createEtherpadCookieForLearner(DokumaranUser user, DokumaranSession session, HttpServletResponse response)
 throws DokumaranApplicationException, EtherpadException;
- Cookie createEtherpadCookieForMonitor(UserDTO user, Long contentId) throws EtherpadException;
+ void createEtherpadCookieForMonitor(UserDTO user, Long contentId, HttpServletResponse response)
+ throws EtherpadException;
 /**
 * Creates pad on Etherpad server side.
Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningController.java
===================================================================
diff -u -r0ebaba46f0ce87b5138e8e70cc1965887c1c7787 -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningController.java (.../LearningController.java) (revision 0ebaba46f0ce87b5138e8e70cc1965887c1c7787)
+++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningController.java (.../LearningController.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -31,7 +31,6 @@
 import java.util.List;
 import java.util.Set;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -209,8 +208,7 @@
 if (currentUserDto == null) {
 currentUserDto = (UserDTO) ss.getAttribute(AttributeNames.USER);
 }
- Cookie cookie = dokumaranService.createEtherpadCookieForMonitor(currentUserDto, dokumaran.getContentId());
- response.addCookie(cookie);
+ dokumaranService.createEtherpadCookieForMonitor(currentUserDto, dokumaran.getContentId(), response);
 return "pages/learning/galleryWalk";
 }
@@ -253,8 +251,7 @@
 //add new sessionID cookie in order to access pad
 if (user != null) {
- Cookie etherpadSessionCookie = dokumaranService.createEtherpadCookieForLearner(user, session);
- response.addCookie(etherpadSessionCookie);
+ dokumaranService.createEtherpadCookieForLearner(user, session, response);
 }
 return "pages/learning/learning";
Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/MonitoringController.java
===================================================================
diff -u -r1324c32fc07460a47b0b53b25a2b43d77fbd500c -rc364f48d3f1a5d354f6fce9a3063a8f6963e7a62
--- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1324c32fc07460a47b0b53b25a2b43d77fbd500c)
+++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/MonitoringController.java (.../MonitoringController.java) (revision c364f48d3f1a5d354f6fce9a3063a8f6963e7a62)
@@ -39,7 +39,6 @@
 import java.util.stream.Collectors;
 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -170,8 +169,7 @@
 //no need to store cookie if there are no sessions created yet
 if (!groupList.isEmpty()) {
 // add new sessionID cookie in order to access pad
- Cookie etherpadSessionCookie = dokumaranService.createEtherpadCookieForMonitor(user, contentId);
- response.addCookie(etherpadSessionCookie);
+ dokumaranService.createEtherpadCookieForMonitor(user, contentId, response);
 }
 return "pages/monitoring/monitoring";