Hi all,
Status update: FIXED
Cause: To create a page post-login, I have been using map:aggregate for putting together menu.xml and the content.xml. It does work, but it also caches the request and manages to remember the last session object.
Solution: I replaced the logic to use cinclude transformer not-cache mode.

I don't know if anyone uses the same design to create dynamic pages, but thought it might help others.

Thanks for your time.

kind regards,
gautam



>>> [EMAIL PROTECTED] 10/10/2005 1:05:23 PM >>>
Hi all,
  I have recently moved the existing web-app on Cocoon-2.0.5 to Cocoon-2.1.7, and I am facing session objects getting mixed up between multiple users. The main issue I am running into is giving users access to apps which are not permissible for their group.

I am configured as follows:
------------------------------
Cocoon ver- 2.1.7
O.S- Windows 2003
Tomcat - tomcat-5.x

In brief:
--------------
My website structure is this:

Main Sitemap( login/ logout takes place from here)
   |
   |--> Sub-sitemap-ADM( ADMIN can see this along with stuff for MANAGER and USER)
   |--> Sub-sitemap-MGR( MANAGER can see these as well as stuff for USERS)
   |--> Sub-sitemap-Usr ( simple USERs can see these)

When a user logs in, I use the authentication security handler to verify the user. Once done, I save the user's security access level into the 'AUTHENTICATION' context. I use the [auth-protect] action to get hold of all the authentication context data in the session.

Scenario
----------
Step-1) If the user belongs to the 'MGR' group, he gets directed to the sub-sitemap which deals with only managerial tasks. He gets his work done, returns back to the main menu where he logs out and ends his session.

Step-2) Another user logs in and he belongs to group 'USR'; he gets directed to sub-sitemap [Sub-sitemap-Usr]. He goes in there, does his stuff and decides to go back to the main sitemap. When this happens, somehow he is getting hold of the previous user's authentication context, which in my case makes him see all content belonging to the manager group (in the current case, or of someone who happened to be the previous user being tracked by the site).

While trying to figure out what's happening, I found out that session objects are not getting destroyed when I use the [auth-logout] action. As a consequence, the 'USR' returns from the sub-sitemap to the main sitemap and manages to see the 'MGR' guy's content, which is a bummer!

Side note:
-------------
1) I do use the security handler from the main sitemap in the sub-sitemap to check if the user is logged in or not.
2) Based on the pipeline match, I use map:mount to load the sub-sitemaps.
3) This issue happens irrespective of whether the session was opened using different browser windows.

Has anyone come across these issues? Can you all help me figure these out, please?

regards,
Gautam
  
  

  



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] 
For additional commands, e-mail: [EMAIL PROTECTED] 
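
The change described in the status update at the top of this thread, as an added sitemap sketch that is not the poster's own configuration: the map:aggregate version next to a cinclude version. The match pattern, page.xml and page2html.xsl are hypothetical names, and reading "not-cache mode" as a pipeline declared `type="noncaching"` is an assumption.

```xml
<!-- Added illustration; "home", page.xml and page2html.xsl are hypothetical. -->

<!-- BEFORE: menu and content aggregated inside a default (caching)
     pipeline. The thread reports the assembled page being cached and
     shown to the next user along with the previous session's data. -->
<map:pipeline>
  <map:match pattern="home">
    <map:aggregate element="page">
      <map:part src="cocoon:/menu.xml"/>
      <map:part src="cocoon:/content.xml"/>
    </map:aggregate>
    <map:transform src="page2html.xsl"/>
    <map:serialize type="html"/>
  </map:match>
</map:pipeline>

<!-- AFTER: the same page assembled by the cinclude transformer in a
     pipeline that is never cached (assumed meaning of "not-cache mode").
     The matchers that produce menu.xml and content.xml should also sit
     in a noncaching pipeline, since they read the session. -->
<map:pipeline type="noncaching">
  <map:match pattern="home">
    <map:generate src="page.xml"/>
    <map:transform type="cinclude"/>
    <map:transform src="page2html.xsl"/>
    <map:serialize type="html"/>
  </map:match>
</map:pipeline>

<!-- page.xml: static skeleton expanded by the cinclude transformer -->
<page xmlns:cinclude="http://apache.org/cocoon/include/1.0">
  <cinclude:include src="cocoon:/menu.xml"/>
  <cinclude:include src="cocoon:/content.xml"/>
</page>
```

To confirm the fix, repeat the two-step scenario from the original report (MGR logs in and out, then USR logs in) and check that the USR page no longer contains MGR menu entries.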




