Here's one ugly hack solution to the problem that appears to work and doesn't require any additional code:

Hmmm, this is not an ugly hack, it makes perfect sense ;-)

   <!-- authentication rule for members-only embedded elements -->
   <element id="AuthMemberEmbedded" extends="rife/authenticated/database.xml">
       <property name="template_name">authentication.empty</property>
       <property name="role">member</property>
       <property name="authvar_type">cookie</property>
       <property name="datasource"><datasource>postgresql</datasource></property>

       <submission name="credentials" scope="global">
           <param name="login"/>
           <param name="password"/>
           <param name="remember"/>
       </submission>
       <childtrigger name="authid"/>
       <incookie name="rememberid"/>
       <outcookie name="rememberid"/>
   </element>

   <!-- embedded element that logs the user in from a remembered session -->
   <group inherits="AuthMemberEmbedded">
       <element id="RestoreRememberedSession" file="rife/template/print.xml">
           <property name="name">authentication.empty</property>
       </element>
   </group>

I put "${v ELEMENT:.RestoreRememberedSession/}" in my blueprint.html file. The "authentication.empty" template is just what the name implies, an empty file. Now the embedded element gets evaluated on every page hit, and if it needs to restore a session using the rememberid, that happens automatically. Since my home page implementation class fetches the home page template (and thus evaluates its embedded elements) before doing the check to see if the user is logged in, this gives me the behavior I want.

EXCEPT! This hack seems to create a brand new session for every page hit. Every page sets a new rememberid cookie. That appears to be harmless, but in production it'll be no good since it means extra database hits to maintain the AuthRemembered table. So I'd still like a better solution than this.

You should understand that a rememberid cookie is only valid once. For logging in a person one time. After that, the regular authentication functionalities have to take over and a new rememberid cookie is generated for when the authentication session expires. There's probably something not entirely set up right so that you're not using the authid cookie or so.

Hope this helps,

Geert

--
Geert Bevin
Uwyn "Use what you need" - http://uwyn.com
RIFE Java application framework - http://rifers.org
Music and words - http://gbevin.com
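
A generic model of the single-use rememberid behaviour described in the reply above, added here as an illustration; it is not code from the original message and not RIFE's own implementation. The class, table and method names are hypothetical, and `honourAuthId=false` stands in for a request path that never consults the authid cookie.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model: in-memory maps stand in for the session and remember tables.
public class RememberIdDemo {
    static final SecureRandom RNG = new SecureRandom();
    static final Map<String, String> rememberTable = new HashMap<>(); // rememberid -> login
    static final Map<String, String> sessionTable = new HashMap<>();  // authid -> login
    static int rememberWrites = 0; // inserts into the remember table

    static String newId() {
        byte[] b = new byte[16];
        RNG.nextBytes(b); // unguessable 128-bit identifier
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static String issueRememberId(String login) {
        String id = newId();
        rememberTable.put(id, login);
        rememberWrites++;
        return id;
    }

    // Handles one request; cookies is the browser's cookie jar. Returns the login or null.
    static String handle(Map<String, String> cookies, boolean honourAuthId) {
        String login = honourAuthId ? sessionTable.get(cookies.get("authid")) : null;
        if (login != null) return login; // live session: remember table untouched
        String rid = cookies.get("rememberid");
        login = (rid == null) ? null : rememberTable.remove(rid); // consume: valid once
        if (login == null) return null; // unknown or already-used rememberid
        String authId = newId();
        sessionTable.put(authId, login);
        cookies.put("authid", authId);
        cookies.put("rememberid", issueRememberId(login)); // for the next session expiry
        return login;
    }

    static int writesOverFivePages(boolean honourAuthId) {
        rememberTable.clear();
        sessionTable.clear();
        Map<String, String> cookies = new HashMap<>();
        cookies.put("rememberid", issueRememberId("alice")); // constructed sample user
        rememberWrites = 0;
        for (int i = 0; i < 5; i++) handle(cookies, honourAuthId);
        return rememberWrites;
    }

    public static void main(String[] args) {
        System.out.println("authid honoured: " + writesOverFivePages(true) + " remember-table write(s)");
        System.out.println("authid ignored:  " + writesOverFivePages(false) + " remember-table write(s)");
    }
}
```

When the session id is honoured, the remember table is written once for the restored login; when it is ignored, every page hit consumes and reissues a rememberid, which matches the per-request cookie churn reported in the thread.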

