Thanks for the help! That should be sufficient for now. Warmly, Matt
On Sat, Mar 30, 2013 at 3:25 PM, Eric Norman <[email protected]>wrote: > 1. The Form Based AuthenticationHandler would take care of sending (and > receiving) the auth cookie automatically after your authentication > credentials have been confirmed as valid. > > 2. This should happen automatically as well if you are using the Form > Based AuthenticationHandler. If you are creating a custom authentication > handler, you could get the cookie that you had previously set from the http > request that was sent from the browser. See: > > http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getCookies() > > Regards, > Eric > > > On Fri, Mar 29, 2013 at 1:12 PM, Matthew Taylor <[email protected]> > wrote: > > > Hello! > > > > I have been using Apache Sling for a little while now, but am only just > > starting to familiarize myself with, and implement, user authentication > > within Sling. I am also new to user auth and user management in general. > > > > I am building a web interface, and want to include standard form-based > > authentication for the users (i.e. username and password). I have begun > to > > explore Sling's form-based AuthenticationHandler, and have a couple of > > questions: > > > > 1. When a user's session is deemed valid by requestCredentials, does > Sling > > store the secure token - mentioned on the AuthenticationHandler's web > page > > - in the user's cookies automatically, as a signature of the user's valid > > session? Or is that something that I would have to implement explicitly > > myself? > > 2. If Sling stores the secure token without any intervention on my part, > > what is the best way to retrieve it during extractCredentials to check > for > > a valid session? Since I'm new to web auth, I still am not entirely clear > > on a cookie's structure, or an HTTP session's structure, if that is where > > it is stored. > > > > Any answers/advice would be greatly appreciated! > > > > Warmly, > > Matt Taylor > > > > -- > > Email: [email protected] > > > -- Matthew Taylor Software Consultant Behavioral Media Networks - http://launch.bmedianet.com/ Email: [email protected]
