[ 
https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17339259#comment-17339259
 ] 

Eric Norman commented on SLING-10290:
-------------------------------------

[~cris] In your last comment it seems you are also concerned with the hash 
algorithm of the TokenStore.  That seems like a valid topic to discuss, but it 
seems like a different issue than what was described in the description which 
seems to be more about the cookie getting refreshed too frequently. 

Would you mind reporting the TokenStore hash algorithm problem as a separate 
issue so the two problems can be tracked independently?

> Every request renews sling.formauth token
> -----------------------------------------
>
>                 Key: SLING-10290
>                 URL: https://issues.apache.org/jira/browse/SLING-10290
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Form Based Authentication 1.0.20
>            Reporter: Cris Rockwell
>            Priority: Critical
>         Attachments: image-2021-04-09-14-19-17-509.png
>
>
> When using Apache Sling Form Based Authentication Handler,
> every request and subrequest sets a new value for `sling.formauth`.
> Analyzing the code indicates that it is not the intended behavior,
> and the cookie value of `sling.formauth` should be consistent for 30 minutes 
> according to the default value of form.auth.timeout
> Debugging shows that the method 
> [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519]
>  always returns null.... AuthenticationInfo properties are 
> user.jcr.credentials, sling.authType and user.name.  But this is not a 
> property called sling.formauth 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
