You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2007/05/09 20:38:15 UTC

[jira] Created: (JS2-712) Create new servlet session upon login (configurable)

Create new servlet session upon login (configurable)
----------------------------------------------------

                 Key: JS2-712
                 URL: https://issues.apache.org/jira/browse/JS2-712
             Project: Jetspeed 2
          Issue Type: Improvement
          Components: Security
    Affects Versions: 2.1.1
            Reporter: David Sean Taylor
         Assigned To: David Sean Taylor
             Fix For: 2.1.1


Create new servlet session upon login. In 2.1, the guest session is continued when the user authenticates, which is a valid use-case such as an e-commerce portal which allows users to delay their login but still create a shopping cart before logging in, and then carrying over the session state to the logged user. This enhancement will make the "creation of new session event" configurable in the Spring configuration. The default behavior will still be to not create a new session.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

[jira] Commented: (JS2-712) Create new servlet session upon login (configurable)

Posted by "Aaron Evans (JIRA)" <je...@portals.apache.org>.

    [ https://issues.apache.org/jira/browse/JS2-712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635398#action_12635398 ] 

Aaron Evans commented on JS2-712:
---------------------------------

I tried this out and it seems to do what I want, so thanks very much.  Sorry to take so long to actually use a feature that I requested!

One question though:

In the LoginProxyServlet, you redirect to:

"/login/redirector?token=" + token.getToken() where the token value is the username-timestamp.

Is this token request parameter used later on in the chain? It doesn't seem to affect the behavior of the authentication mechanism or the security valve.

The reason I ask is if it is informational only, I'd suggest removing it.  In my case, it stays visible for a second or two while our dashboard loads and it just seems weird to see the username in the URL. 

Anyhow, obviously not a big deal provided it isn't a security issue (and I'm pretty sure it is not since I tried doing some basic URL manipulation).

Anyhow, thanks again.

-aaron

> Create new servlet session upon login (configurable)
> ----------------------------------------------------
>
>                 Key: JS2-712
>                 URL: https://issues.apache.org/jira/browse/JS2-712
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.1.2
>            Reporter: David Sean Taylor
>            Assignee: David Sean Taylor
>             Fix For: 2.1.2
>
>
> Create new servlet session upon login. In 2.1, the guest session is continued when the user authenticates, which is a valid use-case such as an e-commerce portal which allows users to delay their login but still create a shopping cart before logging in, and then carrying over the session state to the logged user. This enhancement will make the "creation of new session event" configurable in the Spring configuration. The default behavior will still be to not create a new session.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

[jira] Commented: (JS2-712) Create new servlet session upon login (configurable)

Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.

    [ https://issues.apache.org/jira/browse/JS2-712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635427#action_12635427 ] 

David Sean Taylor commented on JS2-712:
---------------------------------------

It is used but the token does not have to be the user name. I agree, it would be better to create a generated token with no meaning. Regardless the tokens will only live for 30 seconds.

> Create new servlet session upon login (configurable)
> ----------------------------------------------------
>
>                 Key: JS2-712
>                 URL: https://issues.apache.org/jira/browse/JS2-712
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.1.2
>            Reporter: David Sean Taylor
>            Assignee: David Sean Taylor
>             Fix For: 2.1.2
>
>
> Create new servlet session upon login. In 2.1, the guest session is continued when the user authenticates, which is a valid use-case such as an e-commerce portal which allows users to delay their login but still create a shopping cart before logging in, and then carrying over the session state to the logged user. This enhancement will make the "creation of new session event" configurable in the Spring configuration. The default behavior will still be to not create a new session.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

[jira] Resolved: (JS2-712) Create new servlet session upon login (configurable)

Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.

     [ https://issues.apache.org/jira/browse/JS2-712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Sean Taylor resolved JS2-712.
-----------------------------------

    Resolution: Fixed

> Create new servlet session upon login (configurable)
> ----------------------------------------------------
>
>                 Key: JS2-712
>                 URL: https://issues.apache.org/jira/browse/JS2-712
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.1.1
>            Reporter: David Sean Taylor
>            Assignee: David Sean Taylor
>             Fix For: 2.1.1
>
>
> Create new servlet session upon login. In 2.1, the guest session is continued when the user authenticates, which is a valid use-case such as an e-commerce portal which allows users to delay their login but still create a shopping cart before logging in, and then carrying over the session state to the logged user. This enhancement will make the "creation of new session event" configurable in the Spring configuration. The default behavior will still be to not create a new session.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org