[ 
https://issues.apache.org/jira/browse/SLING-1745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914629#action_12914629
 ] 

Felix Meschberger commented on SLING-1745:
------------------------------------------

Implemented the isAjaxRequest method which returns true if the request can be 
considered an Ajax Request in Rev. 1001056.

If the request is an Ajax request (which is also expected to be a browser 
request), the login() method is not called and 403/FORBIDDEN is returned 
instead with the X-Reason header set to a user-readable string indicating the 
reason for login failure.

> Do not redirect AJAX requests with expired cookie to login form
> ---------------------------------------------------------------
>
>                 Key: SLING-1745
>                 URL: https://issues.apache.org/jira/browse/SLING-1745
>             Project: Sling
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: Form Based Authentication 1.0.0
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Form Based Authentication 1.0.2
>
>
> Currently there are two reactions possible if a request is sent with an 
> expired cookie: Either the cookie is just cleared (but ignored for 
> authentication purposes) [the default] or the client is redirected to the 
> login form.
> Both reactions are not necessarily useful if an AJAX (or an application) is 
> sending the request with the expired cookie. In this case a proper response 
> would probably be more appropriate.
> See also the discussion at http://markmail.org/message/jwsvk6swnxvvfsyz

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
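
How an Ajax client can act on the 403/FORBIDDEN response with the X-Reason header described in the comment above, as an added example that is not part of the original message or of Sling's code. It assumes the client tags its requests with X-Requested-With: XMLHttpRequest (the message does not say how isAjaxRequest decides) and a fetch()-style response object; the sample responses are constructed.

```javascript
// Assumption: requests are marked like this so the server can treat them as Ajax.
const AJAX_HEADERS = { 'X-Requested-With': 'XMLHttpRequest' };

// Classify the response to an Ajax call. `res` needs `status`, `redirected`
// and `headers.get(name)`, which is the shape of a fetch() Response.
function classifyAuthResponse(res) {
  const reason = res.headers.get('X-Reason');
  if (res.status === 403 && reason !== null) {
    // Login failed or the cookie expired: the server refused instead of redirecting.
    return { action: 'reauthenticate', reason: sanitizeReason(reason) };
  }
  if (res.status === 403) {
    // No X-Reason: treat as an ordinary refusal, do not prompt for login.
    return { action: 'denied', reason: null };
  }
  const type = res.headers.get('Content-Type') || '';
  if (res.redirected && type.startsWith('text/html')) {
    // Redirect-to-login behaviour: the call was followed to an HTML page,
    // which must not be handed to the caller as if it were data.
    return { action: 'reauthenticate', reason: null };
  }
  return { action: 'proceed', reason: null };
}

// X-Reason is server-supplied text shown to a user: strip control characters
// and cap the length; render it with textContent, never innerHTML.
function sanitizeReason(text) {
  return text.replace(/[\u0000-\u001f\u007f]/g, ' ').trim().slice(0, 200);
}

// Constructed stand-in for a fetch() Response (not captured from a real server).
function fakeResponse(status, headers, redirected = false) {
  const lower = new Map(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  return {
    status,
    redirected,
    headers: { get: (name) => lower.get(name.toLowerCase()) ?? null },
  };
}
```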
