Hi, I'm having troubles with logging in to my app with my google account, because of the way the cookies are stored. My app have several subsections, to which you can go with the url path, so /Download/Help, lets you go the the Help page in the Download section.
I want everyone to be able to see the main page of my app, without needing a googleaccount, so I didn't specify login:required in the app.yaml. However, I only want registered users (teammembers: google accounts that are in my database) to be able to see the other sections, based on the roles they are assigned, so I check if they are valid users, and return a 403. On every page however, there is a login link that refers back to the current subsection, so on a 403 they can click the link, log in and try again, if their session had timed out for instance. Recently I changed this behaviour, to directly redirect to the google login page if the user was not logged in toot google (otherwise, he's not a teammember or doesn't have the appropriate role, and a 403 is the appropriate page to show). I started noticing strange things however: If I logged in and went to a protected section, but got a google session time-out (leaving my browser window open overnight), the next time I refreshed the page, got redirected to the google login, logged in, and got back to the appropriate section. So far everything OK, but if I then went to another section, I needed to login again! I then noticed that firefox had registered the google login cookies to the subpaths of my app (e.g. /Download), and not for the main site url. So I ended up having to login again for each protected section (and having the 'same' cookie registered multiple times). So I figured: if I redirect them to the main page after a time-out ( users.create_login_url('/') ), the cookie might be registered for the entire site, and not the section, but no luck. Even worse! Now I get redirected to the main page after a re-login, but as soon as I want to go back to the protected subsection, I get redirected to the login page again, and then back to the main page, and so on, as if I wasn't logged in after all. Checking the browser's cookies (after deleting them previously) shows that there are again cookies per subsection. So I don't get what really happens now. Where are these extra cookies created??? How can I solve this one? I just want my browser to have 1 ACSID cookie for my entire site, and not extra cookies per subsection... Thanks is advance! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---