Hi all,
Taking a closer look at the code I don't see the purpose of the
if ( sessionValidator.requiresNewSession(data) &&
data.getSession().isNew() )
{
...
}
clause in the 'Turbine.doGet' method.
The way logins are handled is a little confusing, but it looks like
the following:
1. User requests some page on the system.
2. If the validator requires a new session and the session is new
redirect to 'screen.homepage', adding all parameters to redirect URI,
and checking to make sure that a redirect loop is not being created...
3. contexts are initialized
4. screen and action are extracted from parameters
5. if the action is 'action.login' then clear out session parameters
and carry out the 'action.login'.
6. run the 'action.accesscontroller'. this may setup the screen to be
'screen.login'.
7. load the page, carry out the action, screen, etc...
So specifically, it doesn't seem like step #2 is needed at all. Is
there some situation that I'm missing or is this leftover code from
previous login mechanisms?
Also, as one other minor note, we may want to clear out any 'action'
in the DefaultSessionValidator as the user is being redirected to the
login screen; this may prevent unexpected actions from accidentally
being carried out...
Chris Meyer
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
