You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Eric Norman (Jira)" <ji...@apache.org> on 2021/06/09 00:29:00 UTC
[jira] [Updated] (SLING-10290) Every request renews sling.formauth
token
[ https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman updated SLING-10290:
--------------------------------
Fix Version/s: (was: Form Based Authentication 1.0.22)
Form Based Authentication 1.0.24
> Every request renews sling.formauth token
> -----------------------------------------
>
> Key: SLING-10290
> URL: https://issues.apache.org/jira/browse/SLING-10290
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.20
> Reporter: Cris Rockwell
> Assignee: Eric Norman
> Priority: Critical
> Fix For: Form Based Authentication 1.0.24
>
> Attachments: image-2021-04-09-14-19-17-509.png
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> When using Apache Sling Form Based Authentication Handler
> Every request and subrequest sets a new value for `sling.formauth`
> Analyzing the code indicates that it not the intended behavior,
> and the cookie value of `sling.formauth` should be consistent for 30 minutes
> according to the default value of form.auth.timeout
> Debugging shows that the method [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519] always returns null.... AuthenticationInfo properties are user.jcr.credentials, sling.authType and user.name. But this is not a property called sling.formauth
--
This message was sent by Atlassian Jira
(v8.3.4#803005)