How and where should I maintain session or cookies in Nuxeo while logging in?

Hi,

We are using nuxeo-dm-5.3.1 (JBoss). Using Java and Flex technologies, we create EAR and WAR files and then put them into Nuxeo. After starting the server, the application works fine.

I have a problem with two different Nuxeo login pages.

When I enter localhost:8080 in the browser, the login page opens, authentication is processed, and then it works fine (this is our UI; it interacts with Nuxeo).

Otherwise, if I enter localhost:8080/nuxeo in the browser, the login.jsp page opens, authentication is processed, and then it works fine.

It works fine separately.

But if I log in via localhost:8080 in the browser and then open localhost:8080/nuxeo in another tab, it doesn't show the login.jsp page and doesn't ask for a username and password. It logs in directly as the user who logged in on the localhost:8080 page.

This should not happen. localhost:8080/nuxeo should also ask for a username and password if I logged in via localhost:8080. How should I maintain this logic?

Please help me…

Thanks

0 votes

1 answers

3820 views

ANSWER

Maybe looking at the path of the JSessionID cookie generated by the server will do the work. Maybe you have to limit it by context path: /nuxeo and /yourapplication.

I'm not sure at all that this will do the job for you. I see that for JBoss the JSESSIONID cookie configuration is explained here: http://shchekoldin.com/2010/05/27/sharing-jsessionid-across-subdomains/

Maybe someone else will have a better solution. I don't understand why the JSESSIONID works in both applications. Really strange. How did you manage the security in your Flex EAR?

04/10/2012



This has nothing to do with Nuxeo: Firefox shares sessions between tabs.
If you log in at http://localhost:8080/nuxeo/login.jsp in a second tab, you may be able to log in with a different user, but going back to the first tab (where you were previously logged in), you will lose the first session and use the second one.

See Mozilla bug 117222 - (sessionperwindow) Limit Scope of Session Cookies (new tabs and windows).

There are some workarounds:

  • use different Firefox profiles (run firefox -no-remote -P)
  • use the Chrome-specific option “open new window without history” (or run chrome /incognito)
  • use dedicated plugins such as Yoono
0 votes
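The cookie-path suggestion and the shared-tabs remark above can both be checked with a small model of how a browser decides which cookies to send. This is an added example, not code from the thread or from Nuxeo; it implements the RFC 6265 path-match rule, and the `Profile` class, the session values and the assumption that the root UI sets its cookie with `Path=/` are constructed for illustration.

```python
# Added illustration: browser-side cookie scoping (RFC 6265, section 5.1.4).
from urllib.parse import urlsplit

def path_match(request_path: str, cookie_path: str) -> bool:
    """True if equal, or cookie_path is a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

class Profile:
    """Hypothetical model of one browser profile: one jar shared by all tabs."""
    def __init__(self):
        self.jar = {}  # (host, cookie path, name) -> value; ports are ignored

    def set_cookie(self, url, name, value, path):
        # Same host + path + name replaces the earlier value.
        self.jar[(urlsplit(url).hostname, path, name)] = value

    def cookies_for(self, url):
        """Cookies sent with a request to url, whichever tab issues it."""
        parts = urlsplit(url)
        hits = [(cpath, name, value) for (host, cpath, name), value in self.jar.items()
                if host == parts.hostname and path_match(parts.path or "/", cpath)]
        hits.sort(key=lambda h: -len(h[0]))  # longer paths are listed first
        return [(name, value) for _, name, value in hits]

def demo():
    nuxeo = "http://localhost:8080/nuxeo/login.jsp"
    # Case 1 (assumption): the UI at the root context sets Path=/.
    shared = Profile()
    shared.set_cookie("http://localhost:8080/", "JSESSIONID", "ROOT-UI-1", "/")
    # Case 2: the UI lives under its own context path and scopes its cookie to it.
    scoped = Profile()
    scoped.set_cookie("http://localhost:8080/yourapplication/", "JSESSIONID",
                      "UI-1", "/yourapplication")
    # Case 3: two tabs, one profile, two logins to /nuxeo: the second replaces the first.
    tabs = Profile()
    tabs.set_cookie(nuxeo, "JSESSIONID", "USER-A", "/nuxeo")
    tabs.set_cookie(nuxeo, "JSESSIONID", "USER-B", "/nuxeo")
    return shared.cookies_for(nuxeo), scoped.cookies_for(nuxeo), tabs.cookies_for(nuxeo)

if __name__ == "__main__":
    for label, sent in zip(("Path=/", "Path=/yourapplication", "two tabs"), demo()):
        print(f"{label:24} -> sent to /nuxeo: {sent}")
```

The model only shows which cookies the browser attaches to a request; whether the server on /nuxeo treats a received session id as authenticated depends on the deployment and is outside it.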