[jira] Updated: (SLING-1588) form auth can create an endless redirect loop

Felix Meschberger (JIRA) Mon, 23 Aug 2010 06:19:51 -0700

     [ 
https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Felix Meschberger updated SLING-1588:
-------------------------------------

    Component/s: Authentication
                     (was: Extensions)

> form auth can create an endless redirect loop
> ---------------------------------------------
>
>                 Key: SLING-1588
>                 URL: https://issues.apache.org/jira/browse/SLING-1588
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Justin Edelson
>            Priority: Critical
>             Fix For: Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to 
> http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage 
> http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and 
> again...
> workaround is to enable the "Include Form" option. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (SLING-1588) form auth can create an endless redirect loop

Reply via email to