Closed Bug 632059 Opened 13 years ago Closed 13 years ago

Put the session logic in server-core

Categories

(Cloud Services :: Server: Core, defect)

Product:
Cloud Services
Component:
Server: Core
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: tarek, Unassigned)

Details

Identity has a bit of session logic, like Account manager has:

- login/logout pages + an auth challenge & redirect after login
- session based on beaker 

We should have this logic separated and put into serve-core, so it can be reused.
hmm, I'm not sure that there's all that much there. Beaker kind of is the abstraction layer and there's not much on top of it.

We don't actually do a redirect on login - we simply put up the login page in place of the page you're visiting. It's possible that there's enough overlap with identity that we could extract out a function there, but it's not going to be a lot.
(In reply to comment #1)
> we simply put up the login page in place of the page you're visiting.

Mmm that's not a good web behavior for a form-base authentication. A page that cannot be accessed anonymously should redirect to a page that can be accessed anonymously (here our login page), then come back to the original page. A GET is idempotent -- think cache / indexing --  and should not point to two different resources depending on session data.
this is a bit early since the only production app that potentially needs it is still AP. Closing as won't fix. If needed, it will naturally come back
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.