Hi T.J.,
On Sun, Mar 29, 2009 at 4:57 PM, T. J. Frazier <[email protected]> wrote:
> Hi, Ivan,
>
> 1) Thank you very much for the very informative links. They answered a bunch
> of questions I didn't even know to ask. Of course, they've raised a few
> questions, too, but chasing down the answers should keep me harmlessly
> occupied and out of trouble (well, maybe) for a while. :-)
Let me know if you need any help :)
> 2) One thing looks odd: in the last #if statement on both pages, there seems
> to be a duplicated operand,
> && !$currentProject.getName().equals("contributing")
> which seems harmless, unless some name that should be there has been left
> out.
Heh, there is too. But this code just toggles the breadcrumbs for
certain pages, so there's no issue as far as I can see.
> 3) It's not that I suspect your header code of any wrong-doing. I just want
> to know why sometimes, clicking on the login button simply repaints the page
> with the "you are logged in" header, but other times, I get a special Login
> page (just like a Trojan Horse scam would do), which then dumps me on My
> Pages, regardless of where I was when I logged in, a nuisance.
I think there's a simple explanation here, but it's not clear because
of the false feedback of the login status.
1) If you enter your password correctly and are NOT logged in, you are
redirected to the page you came from
2) If you enter your password incorrectly, you are taken to the log in page
3) If you are already logged in and you enter your username and
password again, you are taken to the log in page and informed that you
are logged in as XYZ. This is where the false feedback comes into
play.
The redirection is indicated by the hidden input field:
<input type="hidden" name="detour" value="$helmR.getEncodedFullURL()" />
and processed by the login servlet as indicated by the action field
<form name="login" action="$res.encodeUrl("/servlets/TLogin")" method="post">
#3 is probably the problem you're experiencing.
> For that matter, as the new and proud possessor of my very own IP address
> (courtesy of my recent upgrade to broadband), I am rather surprised that the
> system doesn't recognize that, and log me in automatically. (I do realize
> that this sort of thing is not under your control. I just wonder.) /tj/
Unfortunately, automatic logins are not possible AFAIK - if you or
anyone else knows how to make a good cookie that might do this, please
write in :)
Regards,
Ivan.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
