CMIS Workbench with cookies enabled logs into Nuxeo every time

Using CMIS Workbench 0.10.0 with various bindings and cookies enabled, I see a “Login Success” entry in the Nuxeo audit trail for every CMIS operation performed. I expected to see only one for the initial login. Thoughts?

0 votes

1 answers

1021 views

ANSWER

Could you open a JIRA ticket?
08/29/2013

rg1
08/29/2013



This is by design, the CMIS endpoint is not designated as stateful so does not generate a (needless) HTTP session which does not create a JSESSIONID cookie.

Edit: it's possible to make an endpoint use a stateful HTTP session and therefore a cookie through some config. To do that, the <authenticationPlugin> of the authenticators extension point defining the authentication for the given URL pattern must include <stateful>true</stateful>. This is done for instance here. Compare this with the standard binding for the browser binding endpoint here.

0 votes



rg1
This seems to contradict the answer provided to this question. Please clarify.

I can think of lots of cases where it would be useful to pin a CMIS client to a particular server-side cluster node to optimize authentication and leverage server-side caching. For example, say I would to download the content of all the documents in a folder. I might like the server performing the getChildren operation to also perform the getContentStream for each child so as to leverage the server-side getChildren cache.

11/18/2013

Right. I updated the answer in the other question, and the above answer.
11/27/2013