I have a question about Martin Man's session validation example (e.g.,
http://localhost/cocoon/protected/login). Namely, the session validator is
called every time that a match (map:match that is) is done in the sitemap.
I.e., if I surf to "protected/protected" it first checks with the session
validator action to see if I've logged in. I continue only if my request has
the appropriate session parameter/cookie. At the time, the author, Martin
noted that he didn't like having to put the action in every match entry in
the sitemap that he wanted to protect against unauthorized logins. My
question is whether this can be done. I.e., can I route everything though
say URL match "protected/**", do the session check in that map:match, set
some sitemap parameter, and then redirect to another URL (say
"rootname/{1}").
The idea is that the session validation appears only once in the sitemap,
but is checked for a variety of URLs. Is there anything wrong with my idea?
Are there simple ways this session validation can be bypassed?
Karl Hallowell [EMAIL PROTECTED]
PS, this probably is directly relevant to the huge discussion on URL
redirection since session checking (and redirecting to login windows) is
probably the most important function that requires redirection.
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
