On Thu, Oct 23, 2008 at 3:54 AM, David Leangen <[EMAIL PROTECTED]> wrote:
>From the user's perspective, a page gets loaded from my site, then a > page gets loaded from the OP's site where the user authenticates. The OP > then sends back a response with an authentication token, and the user > carries on with what he/she was trying to do. Uh... Either you explain it badly, misunderstood it, OpenID is flawed or browser problem. The OP should send a redirect back to the browser, which just makes the same request again and your application should see the same session from that browser (now with the authenticated token in the headers), i.e. the redirects never happened. Can you post the pre- and post- request/response headers for that handshake? The only way I can see this breaking is that (probably) Wicket sees that there is an on-going session from the same place and creates a new session when the second request arrives. That would then sound like a Wicket bug, since it is also in charge of the redirect()... But, that is a wild guess. More information is required; headers. Cheers Niclas _______________________________________________ general mailing list [email protected] http://lists.ops4j.org/mailman/listinfo/general
