[
https://issues.apache.org/jira/browse/CONNECTORS-275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13161139#comment-13161139
]
Karl Wright commented on CONNECTORS-275:
----------------------------------------
bq. I'm assuming Method A is closer to what you described:
bq.
bq. Method A:
bq.
bq. * (while on mysite.com/session-timeout-message.html which has a link to
login.cgi)
bq. 3: (same as above, matching timeout-msg.html) Tell MCF to Fetch:
http://mysite.com/login.cgi
bq. 4: (new, matching login.cgi) Tell MCF that the form name is ^$, and
that the parameters are username=me and password=hello.
Yes, exactly.
bq. The only issue here is that, since there is no form on login.cgi, there's
no "method=GET" to inherit from.
So the link from the timeout page sends you to login.cgi without any parameters
at all, and yet login.cgi requires parameters to perform the login? Or (I've
seen this done before) when you go to http://mysite.com/login.cgi, do you get
the form at that time, which when submitted goes right back to login.cgi, but
this time with the GET form data? If the former, we'd need a new type of login
page. If the latter, we could make it work with the current software.
bq. If more code needs to be written, I wasn't necessarily bugging you to write
it (though you'd be faster at it!)
Let's think it through first and then see. Usually in cases like this I create
a branch so that we can do multiple commits and not have to put everything in a
single (massive) patch. This also means we can both work on the code.
Adding a new login page type is not that challenging technically, just a bit of
work in the UI mostly. But how would that new login page actually work?
Should it match the URL regexp only, or should there be some other identifying
characteristic on the page itself? And, since there's no form to submit, and
there are three different ways to submit a form in HTML, it seems to me that
we'd want to basically specify a "virtual form", consisting of everything you
might find on a normal form: the form type, the action URL, an a complete set
of name/value pairs to be transmitted to the action target. Does this sound
right?
> Clarify documentation as to how to set up session login for web connector
> -------------------------------------------------------------------------
>
> Key: CONNECTORS-275
> URL: https://issues.apache.org/jira/browse/CONNECTORS-275
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Documentation, Web connector
> Affects Versions: ManifoldCF 0.4
> Reporter: Karl Wright
>
> A book reader has this comment, which basically implies that we need to
> improve the documentation for the web connector:
> "I was excited to get the full version of the online book, but then
> disappointed when it referred back to the online doc for setting up logins
> for a Web spidering. The online doc is very vague and only gives one example.
> I've used Ultraseek's and Google's spider, but I still find the Session login
> sequences non-obvious.
> I've got a subscription request into the user mailing list, but here's the
> parts that are not clear.
> I generally understand about using regexes to define sites and sorting out
> content pages from login pages.
> But it's not clear why there's TWO Regex's per entry. There's a "Login URL"
> regex, and also a "Form name/link target" regex.
> It's also not clear about the "page type" radio button choices.
> For "rediection", am I saying "look for a redirect event", or am I saying
> "then DO a redirect to this page".
> And for "form name", what if my login page doesn't have a named form? In the
> case of the site I'm trying to spider, when your session expires, you
> manually go back to an https page and supply your username and password as
> CGI parameters. I know this sounds odd, but it's apparently how a number of
> the sites we're trying to spider work, some proprietary software.
> Karl, I really think the book or Wiki or doc needs 3 or 4 different examples
> of login scenarios.
> Here's the scenario I'm trying, if you'd like to use it:
> Try to fetch: http://site.com/product?id=1234
> If you get a redirect to: http://site.com/Main.asp
> Note that there's no login form nor link on this page.
> Then invoke this login URL:
> https://site.com/validate?username=me&password=that&otherArg=something
> Note that you can't just visit this page and fill in a form, that gives an
> error, it has to be passed in (I think as a GET)
> Then record the session cookie and try for /product?id=1234 again.
> I realize this is odd, I didn't design it. "
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
