Hi, I've just developed my first project in Cocoon (I'm using 2.1.8, and Tomcat 5.5.12), and I've managed to solve all the problems I've come across except for one:
The site requires authentication, and I want the authentication page to run over https whilst the rest of the site is served with plain http. I have the following in the sitemap: <handler name="rohandler"> <redirect-to uri="https://www.bath.ac.uk/ro/login"/> <authentication uri="cocoon:/ro-auth"/> </handler> <act type="auth-login"> <parameter name="handler" value="rohandler"/> <redirect-to uri="http://www.bath.ac.uk{request-param:target-page}"; session="yes"/> </act> This works fine if cookies are enabled, but everything else works without relying on cookies and I would like this to as well. The trouble is that the ;jsession=xxx string is not included in the URL when redirecting from http to https and vice versa, even if I set session="yes" in the redirect-to tags (which appears to be the default in these circumstances anyway). The after-authentication redirect can be made to work by brute force like this: <act type="auth-login"> <parameter name="handler" value="rohandler"/> <redirect-to uri="http://www.bath.ac.uk {request-param:target-page};jsessionid={session:id}"/> </act> However trying the same trick pre-authentication like this... <handler name="rohandler"> <redirect-to uri="https://www.bath.ac.uk/ro/ login;jsessionid={session:id}"/> <authentication uri="cocoon:/ro-auth"/> </handler> Ends up at a URL like this: https://www.bath.ac.uk/ro/login;jsessionid={session:id}?resource=... So my question is: What have I missed that would make it just work without having to fudge it? And secondly: Why does the fudge only work in one direction? Thanks, Tim Barrett -- Systems Programmer -- University of Bath Computing Services [EMAIL PROTECTED] 01225 38 6485 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
