Dear Cocoon Users,

Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from the session,
i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for username/pw.

This happens to appear with firefox, ie6, using konqueror it works fine.
Does anyone of you know what happens?

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange




<map:pipelines>
 <map:component-configurations>
     <authentication-manager>
         <handlers>
           <handler name="portalhandler">
                 <redirect-to uri="redirect_document"/>
<authentication authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>
              </handler>
     </handlers>
   </authentication-manager>
 </map:component-configurations>

<map:pipeline>
  <map:match pattern="alreadylogged">
     <map:generate type="file" src="authentication/alreadyloggedin.xml"/>
     <map:transform type="xslt" src="authentication/alreadyloggedin.xsl"/>
     <map:serialize type="html"/>
   </map:match>

  <map:match pattern="protectedresource">
     <map:act type="auth-protect">
   <map:parameter name="handler" value="portalhandler"/>
     <map:generate type="file" src="authentication/protectedresource.xml"/>
<map:transform type="xslt" src="authentication/protectedresource.xsl"/>
     <map:serialize type="html"/>
     </map:act>
   </map:match>
<map:match pattern="login">
     <map:act type="auth-loggedIn">
         <map:parameter name="handler" value="portalhandler"/>
         <map:redirect-to uri="alreadylogged"/>
     </map:act>
     <map:act type="auth-login">
       <map:parameter name="handler" value="portalhandler"/>
       <map:parameter name="parameter_name" value="{request-param:name}"/>
<map:parameter name="parameter_password" value="{request-param:password}"/> <map:parameter name="parameter_resource" value="{request-param:resource}"/>
   <map:redirect-to uri="protectedresource"/>
     </map:act>
     <!-- authentication failed: -->
     <map:generate src="authentication/auth_failed.xml"/>
     <map:transform src="authentication/auth_failed.xsl"/>
     <map:serialize/>
   </map:match>
<map:match pattern="logout">
     <map:act type="auth-logout">
       <map:parameter name="handler" value="portalhandler"/>
   <map:generate src="authentication/auth_logout.xml"/>
       <map:transform src="authentication/auth_logout.xsl"/>
       <map:serialize/>
     </map:act>
   </map:match>
  </map:pipeline>
 </map:pipelines>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to