Form Auth is not returning user to anonymous JCR state after timeout 
---------------------------------------------------------------------

                 Key: SLING-1614
                 URL: https://issues.apache.org/jira/browse/SLING-1614
             Project: Sling
          Issue Type: Bug
          Components: Extensions
            Reporter: Mike Moulton
             Fix For: Extensions Form Based Authentication 1.0.0


Per a discussion on the dev list [1], it looks like the Form Auth extension is 
not properly handling timeouts.

Steps to reproduce:

- Start up the standalone Sling.
- Install the form auth bundle.
- Go to: http://localhost:8080/index.html - page should render
- Go to: http://localhost:8080/system/sling/form/login - login
- Go to: http://localhost:8080/index.html - page should still render
- Wait for the session cookie to time out (I lowered the timeout to 1 min for my 
testing)
- Refresh: http://localhost:8080/index.html - page will redirect to login form

Expected behavior is that the form auth handler will return the session to an 
anonymous state if the cookie has timed out.

Related to SLING-1588

[1] http://sling.markmail.org/thread/mqp3e7xkrtggpsef


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
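
Added example, not part of the original report and not Sling's own code: a simplified model of a cookie-based handler that contrasts the reported outcome for a timed-out cookie (forced login) with the expected one (fall back to anonymous). The cookie layout, key, user names and the choice to reject a malformed or tampered cookie as a failed login are assumptions of this model; the report does not cover those details.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Simplified model of a cookie-based form auth handler; not Sling's own code.
public class CookieTimeoutModel {
    enum Outcome { AUTHENTICATED, ANONYMOUS, LOGIN_REQUIRED }

    // Constructed demo key; a real handler keeps its key out of source code.
    static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    static byte[] mac(String payload) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return m.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    // Assumed cookie layout: <expiryMillis>@<user>@<base64url HMAC of the first two fields>
    static String issue(String user, long expiryMillis) throws Exception {
        String payload = expiryMillis + "@" + user;
        return payload + "@" + Base64.getUrlEncoder().encodeToString(mac(payload));
    }

    // expiredMeansAnonymous=false models the reported behaviour, true the expected one.
    static Outcome evaluate(String cookie, long now, boolean expiredMeansAnonymous) throws Exception {
        if (cookie == null) return Outcome.ANONYMOUS;           // no cookie: never logged in
        int cut = cookie.lastIndexOf('@');
        if (cut < 0) return Outcome.LOGIN_REQUIRED;             // malformed value
        byte[] claimed;
        try { claimed = Base64.getUrlDecoder().decode(cookie.substring(cut + 1)); }
        catch (IllegalArgumentException e) { return Outcome.LOGIN_REQUIRED; }
        String payload = cookie.substring(0, cut);
        // Constant-time comparison; verify the MAC before trusting the expiry field.
        if (!MessageDigest.isEqual(mac(payload), claimed)) return Outcome.LOGIN_REQUIRED;
        long expiry = Long.parseLong(payload.substring(0, payload.indexOf('@')));
        if (now < expiry) return Outcome.AUTHENTICATED;
        return expiredMeansAnonymous ? Outcome.ANONYMOUS : Outcome.LOGIN_REQUIRED;
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String cookie = issue("demo-user", now + 60_000);       // 1 minute, as in the report
        System.out.println("fresh:    " + evaluate(cookie, now, true));
        System.out.println("reported: " + evaluate(cookie, now + 61_000, false));
        System.out.println("expected: " + evaluate(cookie, now + 61_000, true));
        System.out.println("tampered: " + evaluate(cookie.replace("demo-user", "other-user"), now, true));
    }
}
```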
