login-token cookie is not being generated on publisher

Question

We have a custom External LoginModule implemented, on my local 6.3.0 everything is fine and working. When I log in as a "site participant" I have a login-token cookie as expected.

On my client's QA server which is on 6.3.1.2, I am still able to login as a participant on the instance, but login-token is not being generated in the cookies somehow.

This is a pretty big issue as the dispatcher needs that login-token to bypass the cache when a user is logged in.

Why would the login-token be missing? Is this configurable somewhere? (Maybe their IT guys messed with something they shouldn't) . Or could this be a bug in 6.3.1.2?

joerghoh · Accepted Answer

If it's working on your local 6.3.1.2 instance, but not on the client's system with the same version, it's likely that there is a subtle difference in configuration (or code?) you haven't discovered. Switching from 6.3 GA to 6.3.1.2 shouldn't show this kind of change.

Please validate if there are any differences in the environments.

regards,

Jörg

FrancoisCournoyer · Answer

I was wrong in my first assumption, it wasn't creating the token either locally.

Since the user is created without a password, as the real authentication is handled on another server, we only keep the user profile and information in the session's credential/principal information.

I ended up manually creating a "authorization" cookie when the authentication handler calls the doSuccess, and when a page load, we check if the user is still logged in, if the user isn't, we delete the cookie so the next call to the dispatcher goes through cache.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded