Return-Path: Delivered-To: apmail-xml-cocoon-users-archive@xml.apache.org Received: (qmail 88473 invoked by uid 500); 30 Nov 2002 21:37:05 -0000 Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: cocoon-users@xml.apache.org Delivered-To: mailing list cocoon-users@xml.apache.org Received: (qmail 88461 invoked from network); 30 Nov 2002 21:37:04 -0000 X-Authentication-Warning: ags01.agsoftware.dnsalias.com: apache set sender to agallardo@agsoftware.dnsalias.com using -f Message-ID: <32857.10.0.0.4.1038645164.squirrel@_default_> Date: Sat, 30 Nov 2002 15:32:44 +0700 (GMT-7) Subject: [Authentication] - Generate javascript using XSP From: "Antonio Gallardo" To: X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.9) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Hi Cococoners! I am currently an application that is currently running on a test mode with a small amount of users (20) in a Intranet environment. With the following characteristics: The application is running behind a proxy. The app use the authentication framework. The app have a page called welcome that show the current user. I am currently having problem with session management: The users told me that sometimes when they are already authenticated and request the welcome page, the response present another user. The page is called with http://internalserver:8080/theapp/welcome I think that this can be done because the proxy is returning a cached page from another user. Because the request has the same URI from every user (as long as I can see). The request URI does not have info about sessions. But I read in the book from Carsten and Mathhew on page 303 (second paragraph from the end): "The default is usually to use cookies, because the developer of the web application does not need to do anything special to use them. ..." Please Dont let me wrong. I now that the problem is caused by me. :-D The menu of the application is a static Javascript file served with a reader. This file hs no info about sessions. Now I realized that in order to "set" a session into the request I need to include a parameter with the SessionID for every request. I does not include it before because the quote above. With this scenario my questions is: How I can ensure that every request URI from the user will have the SessionID included or use the default cookies? For me this is not a trivial question, because: I thinked first: "OK, I will generate the menu.js on ther fly using XSP." But after think a while I realized that this issue will fall again in the same category as the http://internalserver:8080/theapp/welcome explained above. :-( Please tell me what can I do? I am currently thinking in calling the menu.js with the sessionID too. This will work or there is another easier way to do that? Many thanks in advance, Antonio Gallardo. --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. To unsubscribe, e-mail: For additional commands, e-mail: