[jira] [Assigned] (SLING-10290) Every request renews sling.formauth token

Eric Norman (Jira) Tue, 04 May 2021 12:51:04 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eric Norman reassigned SLING-10290:
-----------------------------------

    Assignee: Eric Norman

> Every request renews sling.formauth token
> -----------------------------------------
>
>                 Key: SLING-10290
>                 URL: https://issues.apache.org/jira/browse/SLING-10290
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Form Based Authentication 1.0.20
>            Reporter: Cris Rockwell
>            Assignee: Eric Norman
>            Priority: Critical
>         Attachments: image-2021-04-09-14-19-17-509.png
>
>
> When using Apache Sling Form Based Authentication Handler
> Every request and subrequest sets a new value for `sling.formauth`
> Analyzing the code indicates that it not the intended behavior,
> and the cookie value of `sling.formauth` should be consistent for 30 minutes 
> according to the default value of form.auth.timeout
> Debugging shows that the method 
> [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519]
>  always returns null.... AuthenticationInfo properties are 
> user.jcr.credentials, sling.authType and user.name.  But this is not a 
> property called sling.formauth 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Assigned] (SLING-10290) Every request renews sling.formauth token

Reply via email to