[ https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355268#comment-17355268 ]
Eric Norman commented on SLING-10290: ------------------------------------- [~olli] I'd be happy to review any PR if someone wants to do that work. But I don't see it as a requirement for this issue, so perhaps that discussion could be moved to the mail list or a new standalone issue to be tracked independently. > Every request renews sling.formauth token > ----------------------------------------- > > Key: SLING-10290 > URL: https://issues.apache.org/jira/browse/SLING-10290 > Project: Sling > Issue Type: Bug > Components: Authentication > Affects Versions: Form Based Authentication 1.0.20 > Reporter: Cris Rockwell > Assignee: Eric Norman > Priority: Critical > Fix For: Form Based Authentication 1.0.22 > > Attachments: image-2021-04-09-14-19-17-509.png > > Time Spent: 1.5h > Remaining Estimate: 0h > > When using Apache Sling Form Based Authentication Handler > Every request and subrequest sets a new value for `sling.formauth` > Analyzing the code indicates that it not the intended behavior, > and the cookie value of `sling.formauth` should be consistent for 30 minutes > according to the default value of form.auth.timeout > Debugging shows that the method > [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519] > always returns null.... AuthenticationInfo properties are > user.jcr.credentials, sling.authType and user.name. But this is not a > property called sling.formauth -- This message was sent by Atlassian Jira (v8.3.4#803005)