cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alberto Brosich <>
Subject Re: authfw auth-logout action delete session contexts
Date Wed, 31 Oct 2007 23:00:37 GMT
Carsten Ziegeler wrote:
> Alberto Brosich wrote:
>> I'm fighting with session contexts.
>> I write a new session context (named "exceptions") in a flowscript.
>> If I call a pipeline that contains an auth-logout action that context is
>> deleted.
>> As sample:
>>       <map:match pattern="do-logout">
>>         <map:act type="auth-protect">
>>           <map:parameter name="handler" value="ldaphandler"/>
>>           <map:act type="auth-logout"/>
>>         </map:act>
>>         <map:redirect-to uri="test-session" session="true"/>
>>       </map:match>
>> If I commented out the auth-logout action works all fine otherwise
>> "{session-context:exceptions/...}" is empty.
>> It seems auth-logout action deletes all the session contexts. Is it true?
> Yes, that's true - in fact auth-logout terminates the session and therefore
> the contexts are deleted as well.
> I'm wondering what your use case is? If a user logs out there shouldn't
> be any user data left on the server. If you want to store data globally
> (not bound to a specific user session), the session contexts are not the
> right place to store. Session contexts are always bound to a user session.
Well, I already have a login form able to show possible exceptions of
the authentication phase (intercepted and stored in a session context),
so I would simply reuse this functionality to display validation errors
catched in the flowscript (form has only listboxes therefore a
validation error occur only converting fields to text inputs with tools
like web developer addon; really rare).
I'll change the approach. No logout and reloading of the form showing
the "exception".
In any case which are other places to store this kind of information?


> Carsten

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message