[
https://issues.apache.org/jira/browse/SLING-1614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-1614:
-------------------------------------
Component/s: Authentication
(was: Extensions)
> Form Auth is not returning user to anonymous JCR state after timeout
> ---------------------------------------------------------------------
>
> Key: SLING-1614
> URL: https://issues.apache.org/jira/browse/SLING-1614
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Mike Moulton
> Assignee: Ian Boston
> Fix For: Form Based Authentication 1.0.0
>
>
> Per a discussion on the dev list [1], it looks like the Form Auth extension
> is not properly handling timeouts.
> Steps to reproduce:
> - Start up the standalone sling.
> - Install the form auth bundle.
> - Goto: http://localhost:8080/index.html - page should render
> - Goto: http://localhost:8080/system/sling/form/login - login
> - Goto: http://localhost:8080/index.html - page should still render
> - Wait for session cookie to timeout (I lowered the timeout to 1 min for my
> testing)
> - Refresh: http://localhost:8080/index.html - page will redirect to login form
> Expected behavior is that the form auth handler will return the session to an
> anonymous state if the cookie has timed out.
> Related to SLING-1588
> [1] http://sling.markmail.org/thread/mqp3e7xkrtggpsef
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
