Put the session logic in server-core



Cloud Services
Server: Core
7 years ago


(Reporter: tarek, Unassigned)


7 years ago
Identity has a bit of session logic, like Account manager has:

- login/logout pages + an auth challenge & redirect after login
- session based on Beaker

We should have this logic separated and put into server-core, so it can be reused.

Comment 1

Hmm, I'm not sure that there's all that much there. Beaker kind of is the abstraction layer and there's not much on top of it.

We don't actually do a redirect on login - we simply put up the login page in place of the page you're visiting. It's possible that there's enough overlap with identity that we could extract out a function there, but it's not going to be a lot.

Comment 2

7 years ago
(In reply to comment #1)
> we simply put up the login page in place of the page you're visiting.

Mmm, that's not good web behavior for form-based authentication. A page that cannot be accessed anonymously should redirect to a page that can be accessed anonymously (here our login page), then come back to the original page. A GET is idempotent -- think cache / indexing -- and should not point to two different resources depending on session data.
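
The redirect-and-return flow described in comment 2, as an added example that is not part of the bug thread or of server-core's code. `LOGIN_PATH`, `SESSION_KEY`, the `next` query parameter and the function names are assumptions; the example also goes one step beyond the thread by validating the return target so the login page cannot be used as an open redirect.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN_PATH = "/login"   # assumed location of the anonymous login page
SESSION_KEY = "user"    # assumed session key set by the login handler


def safe_next(target, default="/"):
    """Return target only if it is a same-site path, otherwise default."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return default
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


def require_login(app):
    """WSGI middleware: 302 anonymous requests to the login page."""
    def middleware(environ, start_response):
        session = environ.get("beaker.session", {})  # Beaker's default key
        path = environ.get("PATH_INFO", "/")
        if path == LOGIN_PATH or session.get(SESSION_KEY):
            return app(environ, start_response)
        query = environ.get("QUERY_STRING", "")
        original = path + ("?" + query if query else "")
        location = LOGIN_PATH + "?" + urlencode({"next": original})
        # no-store keeps caches from pinning the redirect to the protected URL
        start_response("302 Found", [("Location", location),
                                     ("Cache-Control", "no-store")])
        return [b""]
    return middleware


def after_login_location(environ):
    """Where the login handler should send the user after a successful login."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    return safe_next(params.get("next", [""])[0])
```
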

Comment 3

7 years ago
This is a bit early, since the only production app that potentially needs it is still AP. Closing as won't fix. If needed, it will naturally come back.
Last Resolved: 7 years ago
Resolution: --- → FIXED