[SLING-1614] Form Auth is not returning user to anonymous JCR state after timeout - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Form Based Authentication 1.0.0
Component/s: Authentication
Labels:
None

Description

Per a discussion on the dev list [1], it looks like the Form Auth extension is not properly handling timeouts.

Steps to reproduce:

Start up the standalone sling.
Install the form auth bundle.
Goto: http://localhost:8080/index.html - page should render
Goto: http://localhost:8080/system/sling/form/login - login
Goto: http://localhost:8080/index.html - page should still render
Wait for session cookie to timeout (I lowered the timeout to 1 min for my testing)
Refresh: http://localhost:8080/index.html - page will redirect to login form

Expected behavior is that the form auth handler will return the session to an anonymous state if the cookie has timed out.

Related to ~~SLING-1588~~

[1] http://sling.markmail.org/thread/mqp3e7xkrtggpsef

Attachments

Activity

People

Assignee:: Ian Boston

Reporter:: Mike Moulton

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 28/Jul/10 15:13

Updated:: 23/Aug/10 13:17

Resolved:: 28/Jul/10 16:01