[jira] Commented: (SLING-1614) Form Auth is not returning user to anonymous JCR state after timeout

["Ian Boston (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/SLING-1614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12893215#action_12893215 ] 

Ian Boston commented on SLING-1614:
-----------------------------------

SLING-1588 has been fixed (just now), so no infinite loop, but this still causes you to get the login page rather than drop back to an anon user.

1. Can you check that you dont have an infinite loop now for the login and I will look at making the notification of failure of fall through configurable.

> Form Auth is not returning user to anonymous JCR state after timeout 
> ---------------------------------------------------------------------
>
>                 Key: SLING-1614
>                 URL: https://issues.apache.org/jira/browse/SLING-1614
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>            Reporter: Mike Moulton
>             Fix For: Extensions Form Based Authentication 1.0.0
>
>
> Per a discussion on the dev list [1], it looks like the Form Auth extension is not properly handling timeouts.
> Steps to reproduce:
> - Start up the standalone sling.
> - Install the form auth bundle.
> - Goto: http://localhost:8080/index.html - page should render
> - Goto: http://localhost:8080/system/sling/form/login - login
> - Goto: http://localhost:8080/index.html - page should still render
> - Wait for session cookie to timeout (I lowered the timeout to 1 min for my testing)
> - Refresh: http://localhost:8080/index.html - page will redirect to login form
> Expected behavior is that the form auth handler will return the session to an anonymous state if the cookie has timed out.
> Related to SLING-1588
> [1] http://sling.markmail.org/thread/mqp3e7xkrtggpsef

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.