Expand my Community achievements bar.

SOLVED

login-token cookie is not being generated on publisher

Avatar

Level 2

We have a custom External LoginModule implemented, on my local 6.3.0 everything is fine and working.  When I log in as a "site participant" I have a login-token cookie as expected.

On my client's QA server which is on 6.3.1.2, I am still able to login as a participant on the instance, but login-token is not being generated in the cookies somehow.

This is a pretty big issue as the dispatcher needs that login-token to bypass the cache when a user is logged in.

Why would the login-token be missing?  Is this configurable somewhere? (Maybe their IT guys messed with something they shouldn't) . Or could this be a bug in 6.3.1.2?

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

If it's working on your local 6.3.1.2 instance, but not on the client's system with the same version, it's likely that there is a subtle difference in configuration (or code?) you haven't discovered. Switching from 6.3 GA to 6.3.1.2 shouldn't show this kind of change.

Please validate if there are any differences in the environments.

regards,

Jörg

View solution in original post

2 Replies

Avatar

Correct answer by
Employee Advisor

If it's working on your local 6.3.1.2 instance, but not on the client's system with the same version, it's likely that there is a subtle difference in configuration (or code?) you haven't discovered. Switching from 6.3 GA to 6.3.1.2 shouldn't show this kind of change.

Please validate if there are any differences in the environments.

regards,

Jörg

Avatar

Level 2

I was wrong in my first assumption, it wasn't creating the token either locally.

Since the user is created without a password, as the real authentication is handled on another server, we only keep the user profile and information in the session's credential/principal information.

I ended up manually creating a "authorization" cookie when the authentication handler calls the doSuccess, and when a page load, we check if the user is still logged in, if the user isn't, we delete the cookie so the next call to the dispatcher goes through cache.