I think setting the cookie should be controlled by
the user. Kind of like the "remember me" check box
used by yahoo. Also the cookie attributes (expiration
time, domain,..., etc) should all be configurable from
the JR.p file.
I had this functionality (automatic login using
cookies) on my todo list for this week for the current
project I am working on. I had the logic all worked
out on a previous servlet based portal implementation
I had worked on before I jumped onto the Jetspeed bandwagon.
I just need to tailor it to the Jetspeed system. I have
already started modifying the sessionValidator. I can submit
my changes when I am done if you want.
Probably sometime this weekend since I have some stuff
that is higher priority for today. Or if somebody
wants to do it sooner I would be happy to test if
for them :).
By the way, I vaguely remember seeing something in the
code somewhere that does some password encryption. Is this
something I could leverage to encrypt the cookie. If so,
could someone point me to the right place in the source
tree.
-- Steve Davis
-- Digital Evergreen Interactive
-----Original Message-----
From: David Sean Taylor [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 10:43 AM
To: [EMAIL PROTECTED]
Subject: RE: How can the user automatically login using a cookie?
> >
> > logon.automatic=true
> >
> > Any ideas?
>
>
> You just need an alternate login action that sets a cookie
> with a uid/auth token
> (or simply uid if you don't care about security) and modify
> the sessionValidator
> to automatically log you in if you have the cookie set.
> Pretty easy really.
Super. That takes care of the implementation ;)
Do you think 'automatic logon' is an important feature to add to the
jetspeed distribution?
IMO, I think it is, although it should be optional, and not the default
behavior.
-------------------------------------
David Sean Taylor
[EMAIL PROTECTED]
-------------------------------------
http://jakarta.apache.org/jetspeed
-------------------------------------
> -----Original Message-----
> From: Raphael Luta [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 12:54 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How can the user automatically login using a cookie?
>
>
> David Sean Taylor wrote:
>
> >>Can a cookie(s) be used to automatically login a user? This
> >>makes using
> >>Jetspeed as the user "homepage" convenient.
> >>
> >
> > Yes. Do you use excite or any of the other popular personal
> portals (yahoo)?
> > Im using MyExcite, and it always remembers to log me in to
> my personalized
> > page automatically.
> > I believe you just need to set a cookie with a long
> expiration time (or no
> > expiration).
> > The servlet cookie api is very easy.
> > This can be an option in Jetspeed - I just need to give it
> some thought as
> > to how it is configured and where the code should go.
> > Maybe in the JRP, something like:
> >
> > logon.automatic=true
> >
> > Any ideas?
>
>
> You just need an alternate login action that sets a cookie
> with a uid/auth token
> (or simply uid if you don't care about security) and modify
> the sessionValidator
> to automatically log you in if you have the cookie set.
> Pretty easy really.
>
>
> --
> Raphael Luta - [EMAIL PROTECTED]
> Vivendi Universal Networks - Paris
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
