cocoon-users mailing list archives

From: Christian Haul
Subject: Re: Q on session validation example
Date: Tue, 17 Jul 2001 19:54:57 GMT

On 17.Jul.2001 -- 03:10 PM, HALLOWELL,KARL (HP-Cupertino,ex1) wrote:
> I have a question about Martin Man's session validation example (e.g.,
> http://localhost/cocoon/protected/login). Namely, the session validator is
> called every time that a match (map:match that is) is done in the sitemap.
> I.e., if I surf to "protected/protected" it first checks with the session
> validator action to see if I've logged in. I continue only if my request has
> the appropriate session parameter/cookie. At the time, the author, Martin
> noted that he didn't like having to put the action in every match entry in
> the sitemap that he wanted to protect against unauthorized logins. My
> question is whether this can be done. I.e., can I route everything through
> say URL match "protected/**", do the session check in that map:match, set
> some sitemap parameter, and then redirect to another URL (say
> "rootname/{1}").
> The idea is that the session validation appears only once in the sitemap,
> but is checked for a variety of URLs. Is there anything wrong with my idea?
> Are there simple ways this session validation can be bypassed?

There're several solutions to this:

a) mount a sub-sitemap and do the validation in the mount (probably
not nice, since this belongs to the application in the sub sitemap)

b) nest your pipelines. There's no reason why you shouldn't specify
matchers nested inside an action

c) use redirects to internal URIs or resources. But then you'd need
matchers for those


C h r i s t i a n       H a u l
    fingerprint: 99B0 1D9D 7919 644A 4837  7D73 FEF9 6856 335A 9E08
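
Option (b) from the reply above, sketched as a Cocoon sitemap fragment. This is an added example, not part of the original message or of the Cocoon samples; the `session-validator` action type, its `descriptor` and `validate` parameters, the patterns, the file names and the redirect URI are assumptions.

```xml
<!-- Added illustration. Action type, parameters, patterns, file names
     and the redirect URI are assumed, not taken from the thread. -->
<map:pipeline>

  <!-- The login page is matched before the check so that users
       without a session can still reach it. -->
  <map:match pattern="protected/login">
    <map:generate src="protected/login.xml"/>
    <map:transform src="stylesheets/page2html.xsl"/>
    <map:serialize/>
  </map:match>

  <!-- Every other protected URI passes through one validation. -->
  <map:match pattern="protected/**">
    <map:act type="session-validator">
      <map:parameter name="descriptor" value="context://protected/descriptor.xml"/>
      <map:parameter name="validate" value="username"/>

      <!-- Nested matchers are evaluated only when the action succeeds.
           Each protected resource has its matcher here and nowhere
           else, so no second URI reaches it without the check. -->
      <map:match pattern="protected/report/*">
        <map:generate type="serverpages" src="protected/report/{1}.xsp"/>
        <map:transform src="stylesheets/dynamic-page2html.xsl"/>
        <map:serialize/>
      </map:match>

      <map:match pattern="protected/*">
        <map:generate src="protected/{1}.xml"/>
        <map:transform src="stylesheets/page2html.xsl"/>
        <map:serialize/>
      </map:match>
    </map:act>

    <!-- Reached when the action fails (its nested content is skipped)
         or when no nested matcher handled the request. -->
    <map:redirect-to uri="/cocoon/protected/login"/>
  </map:match>

</map:pipeline>
```

With option (c) the redirect targets need their own matchers, and each of those matchers has to be checked separately for whether it can be requested directly, outside the validated path.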
