Hi cocooners!

For a project, I must have a unique authentication per user.
If I have understood correctly, the auth-fw is currently based on session existence to check if a user is authenticated.


But it doesn't prevent users from using several browsers (and/or browser windows) in different locations to authenticate twice.

I had a discussion with Sylvain (many thanks to him!), who proposed using the org.apache.cocoon.environment.Context to store a map of authenticated users, as a reference to check for extra authentication.

It would be very interesting if it could be embedded into, maybe, an org.apache.cocoon.webapps.authentication.components.Authenticator, to fit the actual auth-fw. And in addition, the "user authentication context" stored in the context map should be aware of session invalidation, to clear itself from the map, and maybe deal with some other cleaning (two asses kicked with one foot ;)).


Is this the right way to go? Is there another, better way?


Many thanks!

--
Olivier Billard
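
The design described in the message above (an application-wide map of authenticated users whose entries clear themselves on session invalidation), sketched as an added example that is not part of the original message and not Cocoon code. It assumes the plain Servlet API (`ServletContext`, `HttpSessionBindingListener`) instead of Cocoon's `Context` and `Authenticator`, a "refuse the second login" policy, and hypothetical class and attribute names.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

/** Hypothetical helper: at most one live authenticated session per user ID. */
public final class SingleLoginRegistry {
    private static final String CTX_KEY = "example.singleLogin.users";      // assumed name
    private static final String SESSION_KEY = "example.singleLogin.marker"; // assumed name

    /** Returns the application-wide map userId -> owning session ID, created once. */
    @SuppressWarnings("unchecked")
    private static ConcurrentMap<String, String> users(ServletContext ctx) {
        synchronized (ctx) {
            Object m = ctx.getAttribute(CTX_KEY);
            if (m == null) {
                m = new ConcurrentHashMap<String, String>();
                ctx.setAttribute(CTX_KEY, m);
            }
            return (ConcurrentMap<String, String>) m;
        }
    }

    /** Call only after credentials are verified; false means the user is logged in elsewhere. */
    public static boolean register(ServletContext ctx, HttpSession session, String userId) {
        ConcurrentMap<String, String> map = users(ctx);
        String owner = map.putIfAbsent(userId, session.getId()); // atomic check-and-claim
        if (owner != null) {
            return owner.equals(session.getId()); // same session: still fine, nothing to rebind
        }
        // Bind the marker so the container notifies us when this session ends.
        session.setAttribute(SESSION_KEY, new Marker(map, userId, session.getId()));
        return true;
    }

    /** Session-bound marker: valueUnbound fires on logout, invalidate() and timeout. */
    private static final class Marker implements HttpSessionBindingListener {
        private final ConcurrentMap<String, String> map;
        private final String userId, sessionId;
        Marker(ConcurrentMap<String, String> m, String u, String s) { map = m; userId = u; sessionId = s; }
        public void valueBound(HttpSessionBindingEvent e) { /* nothing to do */ }
        public void valueUnbound(HttpSessionBindingEvent e) {
            map.remove(userId, sessionId); // two-argument remove: only drops our own claim
        }
    }
}
```

With this policy a user who closes the browser without logging out stays blocked until the old session times out, so the session timeout becomes the lockout window. The map lives in one JVM's context, so a clustered deployment would need a shared store instead.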


