[ https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman reassigned SLING-10290: ----------------------------------- Assignee: Eric Norman > Every request renews sling.formauth token > ----------------------------------------- > > Key: SLING-10290 > URL: https://issues.apache.org/jira/browse/SLING-10290 > Project: Sling > Issue Type: Bug > Components: Authentication > Affects Versions: Form Based Authentication 1.0.20 > Reporter: Cris Rockwell > Assignee: Eric Norman > Priority: Critical > Attachments: image-2021-04-09-14-19-17-509.png > > > When using Apache Sling Form Based Authentication Handler > Every request and subrequest sets a new value for `sling.formauth` > Analyzing the code indicates that it not the intended behavior, > and the cookie value of `sling.formauth` should be consistent for 30 minutes > according to the default value of form.auth.timeout > Debugging shows that the method > [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519] > always returns null.... AuthenticationInfo properties are > user.jcr.credentials, sling.authType and user.name. But this is not a > property called sling.formauth -- This message was sent by Atlassian Jira (v8.3.4#803005)