cocoon-users mailing list archives

From "Adam Ratcliffe" <a...@prema.co.nz>
Subject RE: browser's back button and authentication framework
Date Thu, 17 Mar 2005 21:03:48 GMT
Hi Marc

You're right that the approach I outlined doesn't deal with the issue of
the user being able to go back to the login page, but it does handle the
2nd authentication request correctly: the login() function tests if the
user is authenticated and if so redirects to the protected resource; no
error is thrown.

You could try setting the 'Expires' response header to 0 and the 'Vary'
header to 'Host' to prevent caching of the login page.

Cheers
Adam


> -----Original Message-----
> From: Marc Salvetti [mailto:marc@notremanou.net]
> Sent: Thursday, 17 March 2005 7:17 p.m.
> To: users@cocoon.apache.org
> Subject: Re: browser's back button and authentication framework
>
>
> Hi Adam,
>
> Thanks for your reply.
> I'm using actions (auth-login, etc...) but I don't see how your method
> would fix the problem.
> The actions also test if the user is already identified, and redirect
> him to the right page if that's the case.
> But the problem comes from the fact that no request is sent to the
> server when hitting the back button, so if the server doesn't get the
> request, it can't send the right answer... at least I think so :-)
>
> Do you have any specific browser cache configuration on the login page?
>
> Marc
>
> Adam Ratcliffe wrote:
>
> >Hi Marc
> >
> >Are you using flowscript based authentication or actions?
> >
> >In my application I use the flowscript authentication functions, see the
> >flow samples in the authentication-fw block. My login function, called
> >when the login form is submitted, looks like this:
> >
> >function login() {
> >  var handler = cocoon.parameters["handler"];
> >
> >  if (auth_isAuthenticated(handler)) {
> >    success();
> >  } else if (auth_login(handler, null, cocoon.parameters)) {
> >    success();
> >  } else {
> >    failure();
> >  }
> >}
> >
> >So if the user is already authenticated they will be redirected to the
> >protected resource without being re-authenticated.
> >
> >HTH
> >Adam
> >
> >
> >
> >>-----Original Message-----
> >>From: Marc Salvetti [mailto:marc@notremanou.net]
> >>Sent: Wednesday, 16 March 2005 11:41 p.m.
> >>To: users@cocoon.apache.org
> >>Subject: browser's back button and authentication framework
> >>
> >>
> >>Hello,
> >>
> >>I'm meeting a problem with the authentication framework:
> >>if a user presses the back button after being logged in and redirected
> >>from the login page, he is able to try to log in again, and gets the
> >>error "user already authenticated".
> >>I tried to use the pragma no-cache instructions to prevent the browser
> >>from caching the login page, but with no success; the form is still
> >>displayed on click of the back button.
> >>
> >>Does someone have a workaround to this problem?
> >>Thanks,
> >>
> >>Marc
> >>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> >>For additional commands, e-mail: users-help@cocoon.apache.org
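
The two ideas discussed in this thread combined, as an added example that is not part of the original messages and is not Cocoon code: the login page is sent with headers that forbid storing it, and a request for it from an already authenticated user is redirected instead of showing the form. The `sid` cookie, the `sessions` map, the `/protected/` path and the use of `Cache-Control: no-store` are assumptions made for illustration.

```javascript
// Added example: framework-neutral sketch with the Node (req, res) handler shape.
// Headers that forbid keeping a copy of the login page, so that the Back
// button triggers a new request in browsers that honour no-store.
const NO_STORE_HEADERS = {
  'Cache-Control': 'no-store, no-cache, must-revalidate',
  'Pragma': 'no-cache', // for HTTP/1.0 caches
  'Expires': '0',       // invalid date, treated as already expired
};

// Hypothetical session store: session id -> user name (constructed data).
const sessions = new Map([['s-123', 'marc']]);

// Extract the assumed "sid" cookie from the Cookie request header.
function sessionIdFrom(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || '');
  return m ? m[1] : null;
}

// GET /login: redirect authenticated users, otherwise send the form.
// Both responses carry the no-store headers.
function handleLoginPage(req, res) {
  if (sessions.has(sessionIdFrom(req))) {
    // Already authenticated: do not offer the form a second time.
    res.writeHead(302, { ...NO_STORE_HEADERS, Location: '/protected/' });
    res.end();
    return;
  }
  res.writeHead(200, { ...NO_STORE_HEADERS, 'Content-Type': 'text/html' });
  res.end('<form method="post" action="/login">' +
          '<input name="user"><input name="password" type="password">' +
          '<button>Log in</button></form>');
}

// Minimal stand-in for http.ServerResponse so the handler runs offline.
function fakeResponse() {
  return {
    status: null, headers: null, body: '',
    writeHead(status, headers) { this.status = status; this.headers = headers; },
    end(body) { this.body = body || ''; },
  };
}

// Run the handler against a constructed request carrying the given Cookie header.
function demo(cookie) {
  const res = fakeResponse();
  handleLoginPage({ headers: { cookie } }, res);
  return res;
}
```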