DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31372>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31372 Error in AuthenticatorBase.register method [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From [EMAIL PROTECTED] 2004-10-27 10:49 ------- Try to log user access to the site with Cert-based authentication. Since there is no "login" gateway through which all entry is routed, the next logical thing to do is put a token in session upon first hitting the site, log entry, and check for the token on future requests so you know the user's entry has already been logged. I am trying this approach using a servlet filter. Using that model, you get two entry logs for each user because it logs once on the first page hit where a session has not yet been created by the container and is NOT created in the line of code I pointed out and again on the second page hit after the container has created a session and it is returned in the line of code I pointed out. All subsequent page hits work as well since the session has already been created. Other calls to getSession() in the same class use the method that creates a session so I am not clear on why that would be a problem. If the proposed fix is not acceptable then some other fix is necessary because obviously there is a problem if it takes two initial "container hits" to get a session in AuthenticatorBase.register method using certificate-based authentication. Maybe the container needs to create the user's session earlier in the flow? I don't know. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
