Re: Login page GET versus POST

Thu, 26 Jan 2006 00:37:16 -0800 

Bob Harner wrote:


On 1/25/06, Michael Wechner <[EMAIL PROTECTED]> wrote:

Bob Harner wrote:


Hello all,

The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
instead of a POST, which is unacceptable to my customer and very bad
practice in general.  I need to change it to a POST, but can't get it
to work.

I changed the form method in login.xsl to POST easily enough, but now
authentication always fails.  The form handling apparently only likes
GET's.

I believe the sitemap.xmap handles the login form submission, sending
it to a pipeline that contains the authenticator action
(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
but that action always results in a failure.  I'll admit I'm having
great difficulty tracing through the code trying to find where Lenya
or Cocoon distinguishes between a GET and a POST.  It shouldn't be
hard, right?

Does anyone have any hints on this?  This is a critical show-stopper for us.



I am not sure about your patches:

http://issues.apache.org/bugzilla/show_bug.cgi?id=38383

I guess you added just part of the problem, right?

Just asking, such that I won't duplicate your efforts ;-)

Thanks

Michi



No, the patch is the complete solution.  More detail:  when we changed
the GET to a POST, the form wouldn't let us log in anymore.  We
eventually figured out that the pipeline in sitemap.xmap was not even
running when the form used POST, because when it does this:

   <map:match type="usecase" pattern="login">

it is only matching on "usecase=login" in the URL, disregarding any
POST'ed parameters (why doesn't
org.apache.cocoon.matching.WildcardRequestParameterMatcher look at
POST'ed parameters?).
you might to ask the Cocoon mailing list and provide a patch in case it's a bug. 
I will be happy to commit it ;-)


 So to make it work we had to move the
lenya.usecase and lenya.step parameters into the form tag's action
attribute.  Now it works fine.


I have aplied it.

Thanks a lot

Michi


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
[EMAIL PROTECTED]                        [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to