Ralph,

You may have to explicitly destroy the session upon logging out. I experienced a similar problem and it did work for me.

....
<map:act type="session">
  <map:parameter name="action" value="terminate" />
   .....
</map:act>
...


Andre.


Ralph Lange wrote:
Dear Cocoon Users,

Our setup: cocoon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from the session,
i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for username/pw.

This happens to appear with firefox, ie6, using konqueror it works fine.
Does anyone of you know what happens?

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange




<map:pipelines>
  <map:component-configurations>
    <authentication-manager>
      <handlers>
        <handler name="portalhandler">
          <redirect-to uri="redirect_document"/>
          <authentication authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>
        </handler>
      </handlers>
    </authentication-manager>
  </map:component-configurations>

  <map:pipeline>
    <map:match pattern="alreadylogged">
      <map:generate type="file" src="authentication/alreadyloggedin.xml"/>
      <map:transform type="xslt" src="authentication/alreadyloggedin.xsl"/>
      <map:serialize type="html"/>
    </map:match>

    <map:match pattern="protectedresource">
      <map:act type="auth-protect">
        <map:parameter name="handler" value="portalhandler"/>
        <map:generate type="file" src="authentication/protectedresource.xml"/>
        <map:transform type="xslt" src="authentication/protectedresource.xsl"/>
        <map:serialize type="html"/>
      </map:act>
    </map:match>

    <map:match pattern="login">
      <map:act type="auth-loggedIn">
        <map:parameter name="handler" value="portalhandler"/>
        <map:redirect-to uri="alreadylogged"/>
      </map:act>
      <map:act type="auth-login">
        <map:parameter name="handler" value="portalhandler"/>
        <map:parameter name="parameter_name" value="{request-param:name}"/>
        <map:parameter name="parameter_password" value="{request-param:password}"/>
        <map:parameter name="parameter_resource" value="{request-param:resource}"/>
        <map:redirect-to uri="protectedresource"/>
      </map:act>
      <!-- authentication failed: -->
      <map:generate src="authentication/auth_failed.xml"/>
      <map:transform src="authentication/auth_failed.xsl"/>
      <map:serialize/>
    </map:match>

    <map:match pattern="logout">
      <map:act type="auth-logout">
        <map:parameter name="handler" value="portalhandler"/>
        <map:generate src="authentication/auth_logout.xml"/>
        <map:transform src="authentication/auth_logout.xsl"/>
        <map:serialize/>
      </map:act>
    </map:match>
  </map:pipeline>
</map:pipelines>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



--
Andre H. Juffer              | Phone: +358-8-553 1161
The Biocenter and            | Fax: +358-8-553-1141
    the Dep. of Biochemistry | Email: [EMAIL PROTECTED]
University of Oulu, Finland  | WWW: www.biochem.oulu.fi/Biocomputing/
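
Added example, not part of the original thread and not Cocoon code: a scripted check for the symptom discussed above, which logs in, logs out, then replays the pre-logout session cookie against the protected URL, so no browser cache is involved. The URL paths come from the quoted sitemap; the `JSESSIONID` cookie name, the in-process stand-in server (which accepts any credentials) and all function names are assumptions made for illustration.

```python
import http.client, threading, uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_app(terminate_on_logout):
    """Constructed stand-in for the webapp (assumption, not Cocoon)."""
    sessions = set()  # server-side session store
    class App(BaseHTTPRequestHandler):
        def log_message(self, *args):
            pass  # keep the check quiet
        def do_GET(self):
            sid = self.headers.get("Cookie", "").partition("JSESSIONID=")[2]
            status, new_cookie = 200, None
            if self.path.startswith("/login"):
                new_cookie = uuid.uuid4().hex
                sessions.add(new_cookie)
            elif self.path == "/logout":
                if terminate_on_logout:  # the behaviour the reply recommends
                    sessions.discard(sid)
            elif self.path == "/protectedresource" and sid not in sessions:
                status = 403
            self.send_response(status)
            if new_cookie:
                self.send_header("Set-Cookie", "JSESSIONID=" + new_cookie)
            self.send_header("Content-Length", "0")
            self.end_headers()
    return App

def get(port, path, cookie=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Set-Cookie")

def session_survives_logout(port):
    """True if the cookie issued at login still opens the resource after logout."""
    _, cookie = get(port, "/login?name=u&password=p")  # constructed credentials
    cookie = cookie.split(";")[0]
    assert get(port, "/protectedresource", cookie)[0] == 200  # login worked
    get(port, "/logout", cookie)
    return get(port, "/protectedresource", cookie)[0] == 200

def run_check(terminate_on_logout):
    server = HTTPServer(("127.0.0.1", 0), make_app(terminate_on_logout))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return session_survives_logout(server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

`run_check(False)` models a logout that leaves the session in place and returns `True`; `run_check(True)` models a logout that destroys it and returns `False`.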
