Hi Cococoners! I am currently an application that is currently running on a test mode with a small amount of users (20) in a Intranet environment. With the following characteristics:
The application is running behind a proxy. The app use the authentication framework. The app have a page called welcome that show the current user. I am currently having problem with session management: The users told me that sometimes when they are already authenticated and request the welcome page, the response present another user. The page is called with http://internalserver:8080/theapp/welcome I think that this can be done because the proxy is returning a cached page from another user. Because the request has the same URI from every user (as long as I can see). The request URI does not have info about sessions. But I read in the book from Carsten and Mathhew on page 303 (second paragraph from the end): "The default is usually to use cookies, because the developer of the web application does not need to do anything special to use them. ..." Please Dont let me wrong. I now that the problem is caused by me. :-D The menu of the application is a static Javascript file served with a reader. This file hs no info about sessions. Now I realized that in order to "set" a session into the request I need to include a parameter with the SessionID for every request. I does not include it before because the quote above. With this scenario my questions is: How I can ensure that every request URI from the user will have the SessionID included or use the default cookies? For me this is not a trivial question, because: I thinked first: "OK, I will generate the menu.js on ther fly using XSP." But after think a while I realized that this issue will fall again in the same category as the http://internalserver:8080/theapp/welcome explained above. :-( Please tell me what can I do? I am currently thinking in calling the menu.js with the sessionID too. This will work or there is another easier way to do that? Many thanks in advance, Antonio Gallardo. --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
