How and where should i maintain session or cookies in nuxeo while login?
Hi,
We are using nuxeo-dm-5.3.1(jboss). With the use of Java and Flex technologies we create ear and war file and then put it into nuxeo. After starting server application is working fine.
I have problem with two different nuxeo login pages
Once i enter localhost:8080 in browser—-login page will open, authentication is processing and then its working fine(this is our UI, it will intract with nuxeo).
Otherwise if i enter localhost:8080/nuxeo in browser—-login.jsp page will open, authentication processing and then its working fine.
Its working fine separately.
But i login via localhost:8080 in browser, in another tab if i open localhost:8080/nuxeo means it didn't show login.jsp page and didn't ask username and password. directly login with which user logged in localhost:8080 page.
It should not happen. localhost:8080/nuxeo also should ask username and password if i logged in via localhost:8080. How should i maintain this logic?
Please help me…
Thanks
This has nothing to do with Nuxeo: Firefox shares sessions between tabs.
If you log in http://localhost:8080/nuxeo/login.jsp in a second tab, you may be able to log in with a different user but going back to the first tab (where you were previously logged in), you will loose the first session and use the second one.
See Mozilla bug 117222 - (sessionperwindow) Limit Scope of Session Cookies (new tabs and windows).
There are some workarounds:
- use different Firefox profiles (run
firefox -no-remote -P
) - use Chrome specific option “open new window without history” (or run
chrome /incognito
) - use dedicated plugins such as Yoono
I'm not sure at all that will do the stuff for you. I see that for JBoss the JSESSIONID cookie configuration is explain there: http://shchekoldin.com/2010/05/27/sharing-jsessionid-across-subdomains/
Maybe someone else will have a better solution. I don't understand why the JSESSIONID work in both application. Really strange. How did you manage the security in your Flex EAR?