Fórum

RE: Custom Login , Sessions are shared ??

thumbnail
Tom Mahy, modificado 12 Anos atrás.

Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
Hi,

so ive written a hook extending AutoLogin.
Upon getting to the site the header is read and the user is logged in.
This works fine. However i have noticed some weird behaviour.

Here is a snippet :

Enumeration<string> enumeration = request.getHeaders("username");
 while(enumeration.hasMoreElements()){
		        
  	String username = enumeration.nextElement();
        User user = UserLocalServiceUtil.getUserByScreenName(username);
        String[] credentials = new String[3];
	credentials[0] = new Long(user.getUserId()).toString();
	credentials[1] = user.getPassword();
	credentials[2] = Boolean.FALSE.toString();
	return credentials;
}</string>


The user logs in but gets another user session. Only after the page refreshes does the user log in.

ie:
user 1 logs in (no problem here)
now user 2 logs in, this user now seems to be logged in as user1 , however if user 2 refreshes the page than the credentials change to user2.

Am i doing this wrong ? any ideas ?

Thank you.
thumbnail
Tom Mahy, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
bump
thumbnail
Sandeep Nair, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
How are you setting the Header. Is it through a filter. I am not sure, but it may be because, the request still has old headers. Are you having some logout hook which clears the headers out.

Regards,
Sandeep
thumbnail
Tom Mahy, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
Hi. thanks for the reply.

Yes i have a logout hook which clears the session and headers.

But the headers are correct. So when i read the headers the information is correct. I then force the login with a hook.
But liferay thinks its a different user.

The real problem here is that this happens from different clients.

ie: user 1 on pc 1 logs in, followed by user 2 on pc2. User 2 gets the credentials from user 1.
However the code does read the correct headers.

ive tried changing the portal-ext.properties to clear a users session :


session.cookie.domain=true
session.timeout=0
session.timeout.warning=0
session.timeout.auto.extend=false
session.timeout.redirect.on.expire=true
session.shared.attributes=org.apache.struts.action.LOCALE,COMPANY_,USER_,LIFERAY_SHARED_
session.shared.attributes.excludes=USER_PASSWORD
session.store.password=false
session.enable.persistent.cookies=false
session.enable.url.with.session.id=false
session.enable.phishing.protection=true
session.phishing.protected.attributes=HTTPS_INITIAL,LAST_PATH
session.test.cookie.support=false
session.disabled=true
servlet.session.create.events=com.liferay.portal.events.SessionCreateAction
servlet.session.destroy.events=com.liferay.portal.events.SessionDestroyAction
session.tracker.memory.enabled=false
session.tracker.persistence.enabled=false


But this changes nothing.
thumbnail
Sandeep Nair, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Thats weird, by two different pc, I assume that they are trying to login using two different browser and that means they both should have different session.
Is my understanding correct. Or are they logging using the same browser.

Regards,
Sandeep
thumbnail
Tom Mahy, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
no no. I mean two different PC's. Two separate machines.
thumbnail
Sandeep Nair, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hmm. I am not sure what can be wrong then unless I see the code which is setting the header.

Can you do a debug at this place?

AutoLoginFilter Class-> processFilter method -> lines as below

String[] credentials = autoLogin.login(request, response);

					String redirect = (String)request.getAttribute(
						AutoLogin.AUTO_LOGIN_REDIRECT);

					if (Validator.isNotNull(redirect)) {
						response.sendRedirect(redirect);

						return;
					}

					String loginRemoteUser = getLoginRemoteUser(
						request, response, session, credentials);


I would want to see what is the loginRemoteUser in case of second user.

Regards,
Sandeep
thumbnail
Tom Mahy, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
i'll be able to check this on monday.

Thank you
thumbnail
Sandeep Nair, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ?? (Resposta)

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
On rereading the code I think maybe the code is dodgy too.. I see that you are trying to read header using request.getHeaders, instead of request.getHeader and iterating over it. So is it possible that, there are multiple values for same name and it is giving back the first available value and return.

I am saying this because, Liferay has SiteMinderAutoLogin which too reads from header for "SM_USER" and it was working fine for me.

Regards,
Sandeep
thumbnail
Tom Mahy, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
Ive checked the SiteMinderAutoLogin class and your right.
I'll test this on monday and will let you know something.


Thank you.
thumbnail
Tom Mahy, modificado 12 Anos atrás.

RE: Custom Login , Sessions are shared ??

Regular Member Postagens: 103 Data de Entrada: 11/05/11 Postagens Recentes
I changed to read a single value and everything seems to work. Thank you