Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Tom Mahy
Custom Login , Sessions are shared ??
February 21, 2012 7:24 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

Hi,

so ive written a hook extending AutoLogin.
Upon getting to the site the header is read and the user is logged in.
This works fine. However i have noticed some weird behaviour.

Here is a snippet :

 1Enumeration<String> enumeration = request.getHeaders("username");
 2 while(enumeration.hasMoreElements()){
 3               
 4      String username = enumeration.nextElement();
 5        User user = UserLocalServiceUtil.getUserByScreenName(username);
 6        String[] credentials = new String[3];
 7    credentials[0] = new Long(user.getUserId()).toString();
 8    credentials[1] = user.getPassword();
 9    credentials[2] = Boolean.FALSE.toString();
10    return credentials;
11}


The user logs in but gets another user session. Only after the page refreshes does the user log in.

ie:
user 1 logs in (no problem here)
now user 2 logs in, this user now seems to be logged in as user1 , however if user 2 refreshes the page than the credentials change to user2.

Am i doing this wrong ? any ideas ?

Thank you.
Tom Mahy
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:13 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

bump
Sandeep Nair
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:21 AM
Answer

Sandeep Nair

Rank: Liferay Legend

Posts: 1691

Join Date: November 5, 2008

Recent Posts

How are you setting the Header. Is it through a filter. I am not sure, but it may be because, the request still has old headers. Are you having some logout hook which clears the headers out.

Regards,
Sandeep
Tom Mahy
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:29 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

Hi. thanks for the reply.

Yes i have a logout hook which clears the session and headers.

But the headers are correct. So when i read the headers the information is correct. I then force the login with a hook.
But liferay thinks its a different user.

The real problem here is that this happens from different clients.

ie: user 1 on pc 1 logs in, followed by user 2 on pc2. User 2 gets the credentials from user 1.
However the code does read the correct headers.

ive tried changing the portal-ext.properties to clear a users session :

 1
 2session.cookie.domain=true
 3session.timeout=0
 4session.timeout.warning=0
 5session.timeout.auto.extend=false
 6session.timeout.redirect.on.expire=true
 7session.shared.attributes=org.apache.struts.action.LOCALE,COMPANY_,USER_,LIFERAY_SHARED_
 8session.shared.attributes.excludes=USER_PASSWORD
 9session.store.password=false
10session.enable.persistent.cookies=false
11session.enable.url.with.session.id=false
12session.enable.phishing.protection=true
13session.phishing.protected.attributes=HTTPS_INITIAL,LAST_PATH
14session.test.cookie.support=false
15session.disabled=true
16servlet.session.create.events=com.liferay.portal.events.SessionCreateAction
17servlet.session.destroy.events=com.liferay.portal.events.SessionDestroyAction
18session.tracker.memory.enabled=false
19session.tracker.persistence.enabled=false


But this changes nothing.
Sandeep Nair
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:41 AM
Answer

Sandeep Nair

Rank: Liferay Legend

Posts: 1691

Join Date: November 5, 2008

Recent Posts

Thats weird, by two different pc, I assume that they are trying to login using two different browser and that means they both should have different session.
Is my understanding correct. Or are they logging using the same browser.

Regards,
Sandeep
Tom Mahy
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:44 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

no no. I mean two different PC's. Two separate machines.
Sandeep Nair
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:53 AM
Answer

Sandeep Nair

Rank: Liferay Legend

Posts: 1691

Join Date: November 5, 2008

Recent Posts

Hmm. I am not sure what can be wrong then unless I see the code which is setting the header.

Can you do a debug at this place?

AutoLoginFilter Class-> processFilter method -> lines as below

 1String[] credentials = autoLogin.login(request, response);
 2
 3                    String redirect = (String)request.getAttribute(
 4                        AutoLogin.AUTO_LOGIN_REDIRECT);
 5
 6                    if (Validator.isNotNull(redirect)) {
 7                        response.sendRedirect(redirect);
 8
 9                        return;
10                    }
11
12                    String loginRemoteUser = getLoginRemoteUser(
13                        request, response, session, credentials);


I would want to see what is the loginRemoteUser in case of second user.

Regards,
Sandeep
Tom Mahy
RE: Custom Login , Sessions are shared ??
March 1, 2012 5:57 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

i'll be able to check this on monday.

Thank you
Sandeep Nair
RE: Custom Login , Sessions are shared ??
March 1, 2012 6:06 AM
Answer

Sandeep Nair

Rank: Liferay Legend

Posts: 1691

Join Date: November 5, 2008

Recent Posts

On rereading the code I think maybe the code is dodgy too.. I see that you are trying to read header using request.getHeaders, instead of request.getHeader and iterating over it. So is it possible that, there are multiple values for same name and it is giving back the first available value and return.

I am saying this because, Liferay has SiteMinderAutoLogin which too reads from header for "SM_USER" and it was working fine for me.

Regards,
Sandeep
Tom Mahy
RE: Custom Login , Sessions are shared ??
March 1, 2012 6:13 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

Ive checked the SiteMinderAutoLogin class and your right.
I'll test this on monday and will let you know something.


Thank you.
Tom Mahy
RE: Custom Login , Sessions are shared ??
March 8, 2012 5:12 AM
Answer

Tom Mahy

Rank: Junior Member

Posts: 98

Join Date: May 11, 2011

Recent Posts

I changed to read a single value and everything seems to work. Thank you