DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4191>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4191 Cookie-based Authorized Sessions / How can the user automatically login using a cookie? - implemented? ------- Additional Comments From [EMAIL PROTECTED] 2002-01-07 06:23 ------- Doh! When I said setTemp - I meant setPerm .... for example, getUser().setPerm ("LoginCookie",aRandomNumber). This can be accessed by getPerm/setPerm. I realise that neither option (using get/setPerm or extending TurbineUser) have been done in Jetspeed to date. Is there a Turbine guideline that you always extend TurbineUser, or in situations where there is a minor extension needed, this can be done through the get/setPerm? The methods are on the User interface, which would imply they are for public consumption. If the SessionValidator does not find both cookies or they are invalid, then the user will be treated as if they had not logged in - but will be able to login in the standard way, by entering their username/password. A problem I see with this, is that if a user logs in via machine A and says "remember me" and then logs in via machine B, again saying remember me, then since the LoginCookie will be reset to a new random number, the first auto- login on machine A will become invalid. Perhaps the LoginCookie regeneration should be an optional sub-feature? It makes things a little more secure - but may not be relevant for all sites. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
