Hi,

I'm having trouble logging in to my app with my Google account,
because of the way the cookies are stored.
My app has several subsections, to which you can go with the URL
path, so /Download/Help lets you go to the Help page in the Download
section.

I want everyone to be able to see the main page of my app, without
needing a Google account, so I didn't specify login:required in the
app.yaml. However, I only want registered users (team members: Google
accounts that are in my database) to be able to see the other
sections, based on the roles they are assigned, so I check if they are
valid users, and return a 403. On every page however, there is a login
link that refers back to the current subsection, so on a 403 they can
click the link, log in and try again, if their session had timed out
for instance.

Recently I changed this behaviour, to directly redirect to the Google
login page if the user was not logged in to Google (otherwise, he's
not a team member or doesn't have the appropriate role, and a 403 is
the appropriate page to show).
I started noticing strange things however: If I logged in and went to
a protected section, but got a Google session time-out (leaving my
browser window open overnight), the next time I refreshed the page,
got redirected to the Google login, logged in, and got back to the
appropriate section. So far everything OK, but if I then went to
another section, I needed to log in again!
I then noticed that Firefox had registered the Google login cookies to
the subpaths of my app (e.g. /Download), and not for the main site
URL. So I ended up having to log in again for each protected section
(and having the 'same' cookie registered multiple times).
So I figured: if I redirect them to the main page after a time-out
( users.create_login_url('/') ), the cookie might be registered for
the entire site, and not the section, but no luck. Even worse! Now I
get redirected to the main page after a re-login, but as soon as I
want to go back to the protected subsection, I get redirected to the
login page again, and then back to the main page, and so on, as if I
wasn't logged in after all. Checking the browser's cookies (after
deleting them previously) shows that there are again cookies per
subsection. So I don't get what really happens now. Where are these
extra cookies created??? How can I solve this one? I just want my
browser to have 1 ACSID cookie for my entire site, and not extra
cookies per subsection...

Thanks in advance!
