You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Dennis Dam <d....@hippo.nl> on 2006/08/01 12:02:52 UTC
Puzzle: Login method using the following criteria
Hi all,
I need to make a login functionality for a website.. On every page in
the website, there is a login form which you can use to login. After
login, you see an enriched website based on your user group. In the
current implementation, I am posting the login form to a certain url,
and then perform an internal redirect from flowscript to the homepage.
However, then you will see a different url in your browser (i.e.
/login/doLogin)
This is not really what I want. I want the user to stay on the same page
AND stay on the same page! So I want to post the login form with an
empty action attribute: <form action=""> .. </form>. Furthermore, I
have the following criteria the login method should meet:
1. don't use client side javascript / client side redirects (i.e. meta
refresh)
2. don't use external redirects in cocoon
3. the url in the browser should not change
Ok, I tried posting the login form to "/url/to/current/page", and
catching the request with a request matcher in the main sitemap. In
flowscript I perform the login action, and then I redirect to
cocoon://url/to/current/page again . But .. ofcourse the login request
parameter is still there, so the redirect comes back to the same login
flowscript, because of the request matcher. There is your infinite loop
/ internal server error.
I tried deleting the request parameter, to be able to perform the
redirect normally, but this doesn't seem possible.
Does anybody know a login method which meets the above criteria?
regards,
Dennis Dam
--
Hippo
Oosteinde 11
1017WT Amsterdam
The Netherlands
Tel +31 (0)20 5224466
-------------------------------------------------------------
d.dam@hippo.nl / http://www.hippo.nl
--------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Puzzle: Login method using the following criteria
Posted by Nils Kaiser <Ni...@gmx.net>.
>
>> If that is still a problem, you could send another pipeline to the
>> client which shows the same content but does not perform the request
>> check (for example by appending a prefix). You can then even use
>> resources inside both pipelines to do similar transforms.
>>
> it doesn't matter whether you redirect to another pipeline with a
> different prefix or not .. cocoon will still end up in the request
> matcher
You should check the prefix before matching for a special pipeline
whitch shows the content... i.e. use the request matcher only for the
requests that do not match the special pipeline. You can achieve that by
matching the special pipeline first, and matching the request parameter
then.
I meant something like this:
<map:pipelines>
<map:pipeline internal-only="true">
<map:match pattern="loggedin/**">
... show content ...
</map:match>
<map:pipeline>
<map:pipeline>
<map:match type="parameter" pattern="username">
... decide which content to show and redirect/sendPage using
loggedin/ pipeline ...
</map:match>
<map:pipeline>
<map:pipelnies>
If I am still missing your point, submit a portion of your sitemap for
better understanding.
Re: Puzzle: Login method using the following criteria
Posted by Dennis Dam <d....@hippo.nl>.
Nils Kaiser wrote:
> Hey Dennis,
>
> in your flowscript, when the user is successfully logged in, don't
> redirect using the cocoon:// url, but instead call the pipeline using
> sendPage. The request headers should not be there as it is an internal
> request.
>
they are there .. still getting internal server error.
> If that is still a problem, you could send another pipeline to the
> client which shows the same content but does not perform the request
> check (for example by appending a prefix). You can then even use
> resources inside both pipelines to do similar transforms.
>
it doesn't matter whether you redirect to another pipeline with a
different prefix or not .. cocoon will still end up in the request matcher
> You can also place the flowscript on top of every request, and do the
> check inside of it, using sendPage to send the right pipeline to the
> client depending if the user is logged in or not. That would be the
> cleanest controller approach I think.
that mean doing a check on login variables on every hit? I know it's a
simple check, but is no way to solve this problem using only sitemap
components?
>
> Greetings,
>
> Nils
--
Hippo
Oosteinde 11
1017WT Amsterdam
The Netherlands
Tel +31 (0)20 5224466
-------------------------------------------------------------
d.dam@hippo.nl / http://www.hippo.nl
--------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Puzzle: Login method using the following criteria
Posted by Nils Kaiser <Ni...@gmx.net>.
Hey Dennis,
in your flowscript, when the user is successfully logged in, don't
redirect using the cocoon:// url, but instead call the pipeline using
sendPage. The request headers should not be there as it is an internal
request.
If that is still a problem, you could send another pipeline to the
client which shows the same content but does not perform the request
check (for example by appending a prefix). You can then even use
resources inside both pipelines to do similar transforms.
You can also place the flowscript on top of every request, and do the
check inside of it, using sendPage to send the right pipeline to the
client depending if the user is logged in or not. That would be the
cleanest controller approach I think.
Greetings,
Nils
Re: Puzzle: Login method using the following criteria
Posted by Mark Lundquist <ml...@wrinkledog.com>.
On Aug 1, 2006, at 3:02 AM, Dennis Dam wrote:
> Ok, I tried posting the login form to "/url/to/current/page", and
> catching the request with a request matcher in the main sitemap. In
> flowscript I perform the login action, and then I redirect to
> cocoon://url/to/current/page again . But .. ofcourse the login request
> parameter is still there, so the redirect comes back to the same login
> flowscript, because of the request matcher. There is your infinite
> loop / internal server error.
Could you use a <select type="request-method> in your matcher to effect
different handling for when the form is POSTed to the current page URI
vs. the GET case (simple navigation or redirect from the login
handler)?
—ml—
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org