cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oscar Picasso <>
Subject Re: Sharing sessions and authentication across sites
Date Fri, 29 Oct 2004 19:34:12 GMT
> If you have "different sites" under the same webserver 
> installation then sharing the authentication information
> between cocoon apps should be ok.

That's my configuration. It should be ok but in my case it's not.

So let me detail my config.

Both the server and the client I use to test have the following line in

On the server I use one application server (Jetty) with one cocoon.war in the
webapps folder. Its web-jetty.xml has:
<Configure class="org.mortbay.jetty.servlet.WebApplicationContext">
  <Set name="ContextPath">/</Set>

So if I try to or it actually point to the
same cocoon instance and sitemap.

In the site map I have something like this:
<map:match pattern="test">
  <map:act type="auth-protect">
    <map:parameter name="handler" value="managehandler"/>
    <map:generate type="serverpages" src="test/test.xsp"/>
    <map:serialize type="xml"/>

The first time I try, I get the login form and then the test
page. The second time, I go directly to the test page. So the the
authentication works fine with this domain.

If after that, I try, I get the login form again. The next
time, I go directly to the test page. So here again the authentication works
fine "inside" the second domain.

The problem is that the authentication done in the first domain is not
available for the second domain.

When looking at the cookies manager, I have noticed that it has set one
JSESSIONID for and a different one for I guess that the
problem lies here.

On the cocoon web.xml file I have noticed the following lines:

!-- Context Configuration ========================================== -->

   | Set a context property useful to allow you to ProxyPass your
   | web application mounted to a different URI without loosing the
   | ability to do cookie-based sessions.
   | WARNING: this is Jetty specific!
 <description>An override of the session cookie path</description>

I thought it was somewhat related to my problem and tried to play with this
param, but without success.

I think, I have to configure something in Jetty and/or use apache but don't
know where to start.

I someone had a working Jetty (and/or apache) configuration example, I would
greatly appreciate.



Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message