[
https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355268#comment-17355268
]
Eric Norman commented on SLING-10290:
-------------------------------------
[~olli] I'd be happy to review any PR if someone wants to do that work. But I
don't see it as a requirement for this issue, so perhaps that discussion could
be moved to the mail list or a new standalone issue to be tracked independently.
> Every request renews sling.formauth token
> -----------------------------------------
>
> Key: SLING-10290
> URL: https://issues.apache.org/jira/browse/SLING-10290
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.20
> Reporter: Cris Rockwell
> Assignee: Eric Norman
> Priority: Critical
> Fix For: Form Based Authentication 1.0.22
>
> Attachments: image-2021-04-09-14-19-17-509.png
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> When using Apache Sling Form Based Authentication Handler
> Every request and subrequest sets a new value for `sling.formauth`
> Analyzing the code indicates that it not the intended behavior,
> and the cookie value of `sling.formauth` should be consistent for 30 minutes
> according to the default value of form.auth.timeout
> Debugging shows that the method
> [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519]
> always returns null.... AuthenticationInfo properties are
> user.jcr.credentials, sling.authType and user.name. But this is not a
> property called sling.formauth
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
