Hi Mike,

Fair enough, but that could then also be handled by moving the AD-LoginHandler in front of the (hypothetical) SessionLoginHandler.

Regards from Vienna,
Richard

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Mike Wilson (via Magnolia Forums)
Sent: Monday, 01 October 2012 17:55
To: Magnolia User List
Subject: [magnolia-user] Re: suggestions for implementation of AD login when authentication is done externally

Many good points there, Richard.

Wrt renegotiating already logged in sessions I'd like to add that it was actually a requirement for us to do that, but we can do it conditionally, so I'm quite happy the LoginHandlers are called for each request. The rationale is that we want to avoid hijacked sessions and similar stuff. Thus, for every request we want to check that the user logged in to Magnolia is actually the same as the SSO user provided in the HTTP header. This is a light operation, and it is only when the two logged in names don't match that my LoginHandler triggers session invalidation and a call to the (more heavy) authentication/authorization process.

Best regards
Mike

--
Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=878e325c-2ac2-4b8f-8575-640c0c0740f3

----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
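The per-request check discussed in this thread, sketched as an added example that is not part of the original messages and does not use Magnolia's API. `Session`, `LoginCheck`, `handle_request` and the header name `X-SSO-User` are hypothetical; the sketch assumes the header is set by the SSO front end and cannot be supplied by the client, and it treats a missing header as a reason to reject the request.

```python
from dataclasses import dataclass
from typing import Optional

SSO_HEADER = "X-SSO-User"  # assumed name of the header set by the SSO front end


@dataclass
class Session:
    """Minimal stand-in for the CMS session (hypothetical, not a Magnolia class)."""
    user: Optional[str] = None  # name the session is logged in as
    valid: bool = True


class LoginCheck:
    def __init__(self):
        self.heavy_auth_calls = 0  # counts runs of the expensive path

    def authenticate(self, sso_user: str) -> Session:
        """Stand-in for the heavier authentication/authorization process."""
        self.heavy_auth_calls += 1
        return Session(user=sso_user)

    def handle_request(self, headers: dict, session: Optional[Session]):
        """Return (outcome, session) for one request."""
        sso_user = (headers.get(SSO_HEADER) or "").strip()
        if not sso_user:
            # Assumption: with no SSO identity, fail closed instead of
            # trusting whatever session the request carries.
            if session is not None:
                session.valid = False
            return "rejected", None
        if session is not None and session.valid and session.user == sso_user:
            return "continue", session  # light path: one string comparison
        if session is not None:
            session.valid = False  # names differ: invalidate the old session
        return "reauthenticated", self.authenticate(sso_user)


def demo():
    """Run four constructed requests; return outcomes and bookkeeping."""
    check = LoginCheck()
    out1, s = check.handle_request({SSO_HEADER: "alice"}, None)  # first request
    out2, s = check.handle_request({SSO_HEADER: "alice"}, s)     # same user
    old = s
    out3, s = check.handle_request({SSO_HEADER: "bob"}, s)       # mismatch
    out4, _ = check.handle_request({}, s)                        # header missing
    return [out1, out2, out3, out4], check.heavy_auth_calls, old.valid, s.valid
```

In the constructed run, the expensive path executes only on the first request and on the name mismatch; the matching request costs a single comparison.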
