From 3b5384094d59c47a4158045fbc57e39865ab5b99 Mon Sep 17 00:00:00 2001
From: imanie383
Date: Tue, 25 Nov 2025 19:08:03 -0600
Subject: [PATCH] [ADD] http: Enhance multi_session
Enhance session management in an Islamic website by implementing a secondary cookie (multi_session_id). Upon user login, the system must register the multi_session_id cookie within the base domain, ensuring it functions alongside the original session cookie. Similarly, upon user logout, the multi_session_id cookie should be deleted in the same manner as the primary session cookie to maintain consistency and security
---
 odoo/http.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/odoo/http.py b/odoo/http.py
index daee6822acc181..caef7373904866 100644
--- a/odoo/http.py
+++ b/odoo/http.py
@@ -1604,11 +1604,18 @@ def _charset(self):
 @functools.wraps(werkzeug.Response.set_cookie)
 def set_cookie(self, key, value='', max_age=None, expires=-1, path='/', domain=None, secure=False, httponly=False, samesite=None, cookie_type='required'):
+ IrHttp = request.env and request.env['ir.http']
 if expires == -1: # not forced value -> default value -> 1 year
 expires = datetime.now() + timedelta(days=365)
- if request.db and not request.env['ir.http']._is_allowed_cookie(cookie_type):
+ if request.db and IrHttp and not IrHttp._is_allowed_cookie(cookie_type):
 max_age = 0
+
+ if request.session.get("multi_login"):
+ expires = None
+ max_age = None
+ elif request.db and key == 'session_id' and not domain and hasattr(IrHttp, '_get_subdomain') and (subdomain := IrHttp._get_subdomain(domain)):
+ werkzeug.Response.set_cookie(self, "multi_session_id", value=value, max_age=max_age, expires=expires, path=path, domain=subdomain, secure=secure, httponly=httponly, samesite=samesite)
 werkzeug.Response.set_cookie(self, key, value=value, max_age=max_age, expires=expires, path=path, domain=domain, secure=secure, httponly=httponly, samesite=samesite)
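Review bot: The `multi_login` branch in `set_cookie` resets `max_age` and `expires` to `None` for every cookie key, which overwrites the `max_age = 0` that the `_is_allowed_cookie` check has just set, as well as any `max_age=0` a caller passes to delete a cookie, so a refused or deleted cookie is written back as a browser-session cookie. If the intent is only to make the session cookie non-persistent, narrow the condition, for example `if key == 'session_id' and max_age != 0 and request.session.get("multi_login"):`. Separately, the `elif` reaches `IrHttp._get_subdomain(domain)` only when `not domain` holds, so the helper always receives an empty value; it presumably has to derive the base domain from somewhere else, and that source should be a configured value rather than the request's Host header. Because `multi_session_id` carries the same session identifier to every host under that wider domain, a comment on the `elif` such as `# multi_session_id mirrors session_id on the base domain: every sibling host receives it, keep secure/httponly/samesite identical` would make the trust boundary explicit for later reviewers.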