I thought I would pseudo document the way I made popup windows and sessions
work for my app...
I wanted to do session tracking across popup windows in my app. So I could
do "wizard" type windows for data entry and such... The problem was that the
session cookie used for tracking wasn't available to new popup windows,
which forced the user to authenticate them every session. I didn't want to
use url rewriting because I'm stubborn, and because this app is intranet and
I have control over the browsers so I know they do cookies.
My solution was to use persistent cookies to store the username and password
and use them to login the user if they exist. (note the steel clad
security)...
In the doPerform() of LoginUser after:
user = TurbineSecurity.getAuthenticatedUser( username, password );
I added this code that sets the persistent cookies that hold the username
and password:
CookieParser cp = data.getCookies();
cp.set("username", user.getUserName(), 50000000);
cp.set("password", user.getPassword(), 50000000);
data = cp.getRunData();
In TemplateSessionValidator I added the following code FIRST thing in
doPerform(). It checks for
the cookies and if they exists it attempts authentication... inserting this
code as is will, work but it will do this for every page that needs
authentication.. so you might want to make sure the user is not in the
session already if it is... just skip this code and the user will be handled
like before...
String username = data.getCookies().get("username");
String password = data.getCookies().get("password");
if((username != null && username.length() > 0) &&
(password != null && password.length() > 0))
{
User user = TurbineSecurity.getAuthenticatedUser(username,
password);
if ( user != null )
{
user.setLastAccessDate();
user.incrementAccessCounter();
user.incrementAccessCounterForSession();
user.setHasLoggedIn(new Boolean(true));
}
data.setUser(user);
data.save();
}
maybe it is not such a good idea to increment those access counters... not
sure...
if you extend the existing TemplateSessionValidator and LoginUser as I did
you will have to change TR.props to reflect these new classes...
specifically action.login and action.sessionvalidator...
If anyone is interested I can make this code get the cookie lifetime
settings from TR.props and make a session.usepersistentlogin property that
would use this code if set to true.. and make a patch... or I could just
make a HOWTO... or nothing at all... :)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
