[opencms-dev] CmsJspLoginBean not behaving as expected...
Seth Lenzi
lenzi at jimmy.harvard.edu
Wed Mar 13 16:39:55 CET 2013
Hi Christoph,
I can see in the Tomcat log that the request is coming though. What's
intersting is that the login process works fine in IE. It's not working
in Chrome or Firefox.
Here are the steps roughly:
1. User visits page on web site (any page). User is not logged in.
2. User enters username & password into login form.
3. Form is submitted to handler JSP.
4. Handler JSP uses CmsJspLoginBean to log user in. The
CmsJspLoginBean.isLoginSuccess() returns true. I can see that
CmsJspLoginBean creates a new session.
5. User is redirected back to page they first accessed in step 1.
Redirect appears to work as I can see the request in the Tomcat log.
6. Using CmsJspActionElement or CmsJspLoginBean I can see that the
logged in user is Guest.
7. Click browser refresh button.
8. User is now identified as the correct logged in user.
Interestingly the same caching issue appears during log out as well.
After I use CmsJspLoginBean to log the user out it does show that the
user is then Guest, but, as Guest I can still see and access resources
that should only be accessible to the user that was just logged out.
Even if I invalidate the session (which CmsJspLoginBean seems to do anyway.)
I am using mod_proxy to pass request from Apache to Tomcat - might that
have something to do with it? To my knowledge I am not using mod_cache.
Anyway, thanks for your reply.
On 3/13/2013 7:39 AM, Christoph Fröhlich wrote:
> Sounds like a browser caching issue to me.
> Did you double check that OpenCms gets a new request when you
> redirecting to the old page? Or does the request does not get through
> to OpenCms until you refresh the page?
>
> Regards
> Christoph
>
> Am 12.03.2013 um 21:32 schrieb Seth Lenzi <lenzi at jimmy.harvard.edu
> <mailto:lenzi at jimmy.harvard.edu>>:
>
>> To anyone that might have any ideas:
>>
>> I have a page in which I use CmsJspLoginBean to log a user into
>> OpenCMS. After the call to the login method I issue a redirect to
>> take the user back to the page they were originally trying to access
>> prior to logging in. The problem is the logged in user is still
>> identified as the Guest account. If I then refresh the page it
>> finally identifies the correct user that I logged in via the
>> CmsJspLoginBean.
>>
>> Any ideas why the refresh finally finds the correct user?
>> _______________________________________________
>> This mail is sent to you from the opencms-dev mailing list
>> To change your list options, or to unsubscribe from the list, please
>> visit
>> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>>
>>
>>
>
> -------------------------------------------------
> Christoph Fröhlich
> Folge 3 GmbH
> Neuer Pferdemarkt 1
> 20359 Hamburg
>
> +49 +40 79 69 48 78
> cf at folge3.de <mailto:cf at folge3.de>
> http://www.folge3.de
> -------------------------------------------------
> Geschäftsführer: Christoph Fröhlich, Anja Künzel
> Handelsregister: HRB 105806, Amtsgericht Hamburg
>
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20130313/ac56a556/attachment.htm>
More information about the opencms-dev
mailing list