Hello! I have been using Apache Sling for a little while now, but am only just starting to familiarize myself with, and implement, user authentication within Sling. I am also new to user auth and user management in general.

I am building a web interface, and want to include standard form-based authentication for the users (i.e. username and password). I have begun to explore Sling's form-based AuthenticationHandler, and have a couple of questions:

1. When a user's session is deemed valid by requestCredentials, does Sling store the secure token - mentioned on the AuthenticationHandler's web page - in the user's cookies automatically, as a signature of the user's valid session? Or is that something that I would have to implement explicitly myself?

2. If Sling stores the secure token without any intervention on my part, what is the best way to retrieve it during extractCredentials to check for a valid session? Since I'm new to web auth, I still am not entirely clear on a cookie's structure, or an HTTP session's structure, if that is where it is stored.

Any answers/advice would be greatly appreciated!

Warmly,
Matt Taylor

--
Email: [email protected]
