How and where should i maintain session or cookies in nuxeo while login?

Hi,

We are using nuxeo-dm-5.3.1(jboss). With the use of Java and Flex technologies we create ear and war file and then put it into nuxeo. After starting server application is working fine.

I have problem with two different nuxeo login pages

Once i enter localhost:8080 in browser—-login page will open, authentication is processing and then its working fine(this is our UI, it will intract with nuxeo).

Otherwise if i enter localhost:8080/nuxeo in browser—-login.jsp page will open, authentication processing and then its working fine.

Its working fine separately.

But i login via localhost:8080 in browser, in another tab if i open localhost:8080/nuxeo means it didn't show login.jsp page and didn't ask username and password. directly login with which user logged in localhost:8080 page.

It should not happen. localhost:8080/nuxeo also should ask username and password if i logged in via localhost:8080. How should i maintain this logic?

Please help me…

Thanks

0 votes

1 answers

516 views

ANSWER

Maybe look the path of the JSessionID cookie generated by the server will do the work. Maybe you have to limit by context path /nuxeo and /yourapplication.

I'm not sure at all that will do the stuff for you. I see that for JBoss the JSESSIONID cookie configuration is explain there: http://shchekoldin.com/2010/05/27/sharing-jsessionid-across-subdomains/

Maybe someone else will have a better solution. I don't understand why the JSESSIONID work in both application. Really strange. How did you manage the security in your Flex EAR?

04/10/2012



This has nothing to do with Nuxeo: Firefox shares sessions between tabs.
If you log in http://localhost:8080/nuxeo/login.jsp in a second tab, you may be able to log in with a different user but going back to the first tab (where you were previously logged in), you will loose the first session and use the second one.

See Mozilla bug 117222 - (sessionperwindow) Limit Scope of Session Cookies (new tabs and windows).

There are some workarounds:

  • use different Firefox profiles (run firefox -no-remote -P)
  • use Chrome specific option “open new window without history” (or run chrome /incognito)
  • use dedicated plugins such as Yoono
0 votes