Posted to users@cocoon.apache.org by Tim Barrett <T....@bath.ac.uk> on 2006/01/26 15:08:48 UTC

Failing to carry session over https redirect

Hi,

I've just developed my first project in Cocoon (I'm using 2.1.8,
and Tomcat 5.5.12), and I've managed to solve all the problems
I've come across except for one:

The site requires authentication, and I want the authentication
page to run over https whilst the rest of the site is served
with plain http.

I have the following in the sitemap:

<handler name="rohandler">
    <redirect-to uri="https://www.bath.ac.uk/ro/login"/>
    <authentication uri="cocoon:/ro-auth"/>
</handler>

<act type="auth-login">
    <parameter name="handler" value="rohandler"/>
    <redirect-to uri="http://www.bath.ac.uk{request-param:target-page}"
     session="yes"/>
</act>

This works fine if cookies are enabled, but everything else works
without relying on cookies and I would like this to as well.
The trouble is that the ;jsession=xxx string is not included in the
URL when redirecting from http to https and vice versa, even if I
set session="yes" in the redirect-to tags (which appears to be the
default in these circumstances anyway).

The after-authentication redirect can be made to work by brute
force like this:

<act type="auth-login">
    <parameter name="handler" value="rohandler"/>
    <redirect-to uri="http://www.bath.ac.uk{request-param:target-page};jsessionid={session:id}"/>
</act>

However trying the same trick pre-authentication like this...

<handler name="rohandler">
    <redirect-to uri="https://www.bath.ac.uk/ro/login;jsessionid={session:id}"/>
    <authentication uri="cocoon:/ro-auth"/>
</handler>

Ends up at a URL like this:

https://www.bath.ac.uk/ro/login;jsessionid={session:id}?resource=...


So my question is: What have I missed that would make it just work
without having to fudge it?

And secondly: Why does the fudge only work in one direction?

Thanks,
Tim Barrett
-- 
Systems Programmer -- University of Bath Computing Services
T.R.Barrett@bath.ac.uk                        01225 38 6485
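
Added example (not part of the original post and not Cocoon code): a small check for redirect targets like the ones quoted above, reporting whether the URL carries a `;jsessionid=` path parameter and whether a `{module:key}` placeholder reached the client unexpanded. The function name `inspect_redirect` and the sample session id are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A sitemap-style placeholder that was never substituted, e.g. {session:id}
PLACEHOLDER = re.compile(r"\{[\w-]+:[^{}]*\}")


def inspect_redirect(location):
    """Describe how a redirect URL carries (or fails to carry) the session id."""
    parts = urlsplit(location)
    # Clients may percent-encode the braces, so decode the path before matching.
    path = unquote(parts.path)
    session_id = None
    # Path parameters follow ';' inside a path segment, before any '?query'.
    for segment in path.split("/"):
        for param in segment.split(";")[1:]:
            key, _, value = param.partition("=")
            if key.lower() == "jsessionid":
                session_id = value
    if session_id is None:
        status = "no-session-in-url"
    elif PLACEHOLDER.fullmatch(session_id):
        status = "placeholder-not-expanded"
    else:
        status = "session-in-url"
    return {
        "scheme": parts.scheme,
        "session_id": session_id,
        "unexpanded": PLACEHOLDER.findall(unquote(location)),
        "status": status,
    }


# First URL is the one quoted in the post; the others are constructed samples.
SAMPLES = [
    "https://www.bath.ac.uk/ro/login;jsessionid={session:id}?resource=...",
    "https://www.bath.ac.uk/ro/login;jsessionid=%7Bsession:id%7D",
    "https://www.bath.ac.uk/ro/login;jsessionid=0123456789ABCDEF",
    "https://www.bath.ac.uk/ro/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_redirect(url))
```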
