cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler" <>
Subject RE: [Authentication-fw] Per-user unique authentication
Date Wed, 09 Jun 2004 14:22:23 GMT
Olivier Billard wrote:
> Hi cocooners !
> For a project, I must have a unique authentication per user.
> If I have well understood, currently, the auth-fw is based on 
> session existency to check if a user is authenticated.
> But it doesn't prevent users to use several browsers (and/or browser
> windows) on different locations to authenticate twice.
> I had a discussion with Sylvain (many thanks to him !), that 
> proposed to use the org.apache.cocoon.environment.Context to 
> store a map of authenticated users, as a reference to check 
> for extra authentication.
> It would be very interesting if it could be embeded into, 
> maybe a 
> org.apache.cocoon.webapps.authentication.components.Authentica
> tor, to fit the actual auth-fw. And in addition the "user 
> authentication context" stored in the context map should be 
> aware of session invalidation, to clear itself from the map, 
> and maybe deal with some other cleaning (two asses kicked 
> with one foot ;)).
> Is this the right way to go ?
> Is there another better way ?
Good questions :) 

>From your description I guess that when a user uses a second browser
the user has to authenticate again. It is not possible to know that
this user is the same one than someone else who has already logged in.
Or do I oversee something?

You can write your own Authenticator to test if this user is already
logged in - for example by storing the information in the context.
But of course this user gets his own session and there his own
session context where data might be stored.
If you want that this two users (who are actually the same :) ) share
the same data you have to do this yourself and store/retrieve the
data from the appropriate places.

I think you can handle the invalidation using a session listener.


View raw message