Olivier Billard wrote:
>
> Hi cocooners !
>
> For a project, I must have a unique authentication per user.
> If I have well understood, currently, the auth-fw is based on
> session existence to check if a user is authenticated.
>
> But it doesn't prevent users from using several browsers (and/or browser
> windows) on different locations to authenticate twice.
>
> I had a discussion with Sylvain (many thanks to him !), who
> proposed to use the org.apache.cocoon.environment.Context to
> store a map of authenticated users, as a reference to check
> for extra authentication.
>
> It would be very interesting if it could be embedded into,
> maybe a
> org.apache.cocoon.webapps.authentication.components.Authenticator,
> to fit the actual auth-fw. And in addition the "user
> authentication context" stored in the context map should be
> aware of session invalidation, to clear itself from the map,
> and maybe deal with some other cleaning (two asses kicked
> with one foot ;)).
>
>
> Is this the right way to go ?
> Is there another better way ?
>

Good questions :)
From your description I guess that when a user uses a second browser the user has to authenticate again. It is not possible to know that this user is the same one as someone else who has already logged in. Or do I overlook something?

You can write your own Authenticator to test if this user is already logged in - for example by storing the information in the context. But of course this user gets his own session and there his own session context where data might be stored. If you want these two users (who are actually the same :) ) to share the same data, you have to do this yourself and store/retrieve the data from the appropriate places.

I think you can handle the invalidation using a session listener.

HTH
Carsten
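
The approach discussed in this thread (a context-wide map of authenticated users, checked by the authenticator and cleared by a session listener) can be sketched as follows. This is an added example, not part of either message and not Cocoon code; the class `SingleLoginRegistry`, its methods and the sample IDs are hypothetical.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical application-wide registry: one live session per user ID. */
public class SingleLoginRegistry {
    // userId -> id of the session that currently owns the login
    private final ConcurrentMap<String, String> active = new ConcurrentHashMap<>();

    /**
     * Called by the authenticator after the credentials were verified.
     * putIfAbsent makes check-and-register one atomic step, so two
     * simultaneous logins for the same user cannot both succeed.
     */
    public boolean tryRegister(String userId, String sessionId) {
        String owner = active.putIfAbsent(userId, sessionId);
        return owner == null || owner.equals(sessionId);
    }

    /**
     * Called on logout and from the session listener when the session is
     * invalidated or times out. The two-argument remove deletes the entry
     * only if this session still owns it, so a late destroy event from a
     * rejected or stale session cannot evict the legitimate login.
     */
    public boolean release(String userId, String sessionId) {
        return active.remove(userId, sessionId);
    }

    public static void main(String[] args) {
        SingleLoginRegistry registry = new SingleLoginRegistry();
        // Constructed sample IDs, not taken from the thread.
        System.out.println(registry.tryRegister("olivier", "sess-A")); // first browser
        System.out.println(registry.tryRegister("olivier", "sess-B")); // second browser
        System.out.println(registry.release("olivier", "sess-B"));     // not the owner
        System.out.println(registry.release("olivier", "sess-A"));     // session ended
        System.out.println(registry.tryRegister("olivier", "sess-B")); // login after cleanup
    }
}
```

In a servlet container, `release` would be called from `HttpSessionListener.sessionDestroyed`, which also fires on session timeout. If that call is missed, the user stays locked out until the entry is removed, so the session timeout bounds how long a closed browser blocks a new login.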
