掲示板

  1. ホーム
  2. Development
  3. Different session issue on pre-login and after login landing page.

Different session issue on pre-login and after login landing page.

thumbnail
6年前 に Sanjay D Panchal によって更新されました。

Different session issue on pre-login and after login landing page.

New Member 投稿: 2 参加年月日: 14/04/06 最新の投稿
We have created a login hook where we have customized login jsp and also we have implemented MyCustomAction (struts action) which is
executed on liferay login event where we want to generate some user token based on user credentials.
We have to keep this code of token generation on Custom Struts action because we need user's plain text password along with login ID
and our configuration is like that we have applied BCRYPT algorithm so we are not able to get plain text password other than login event.

We succeded in generating token based on user credentials but the issue is after generating token we want to keep it in user session,
so that all other subsequent user operations after login, we can get token from session and use it wherever applicable.

Now the issue is the session generated at login event and the session at the first portlet where user lands after login are different.
thumbnail
6年前 に David H Nebinger によって更新されました。

RE: Different session issue on pre-login and after login landing page.

Liferay Legend 投稿: 14919 参加年月日: 06/09/02 最新の投稿
Sanjay D Panchal:
We succeded in generating token based on user credentials but the issue is after generating token we want to keep it in user session, so that all other subsequent user operations after login, we can get token from session and use it wherever applicable.


Once again, session storage is a hack. It should be avoided at all costs. It is more trouble than it is worth. IMHO, a developer that uses session storage is demonstrating a lack of knowledge or understanding of all of the runtime issues connected to using session storage in a production environment.

That said, what you want is still possible.

#
# Set a comma delimited list of attribute names that will be copied to the
# new session when the property "session.enable.phishing.protection" is set
# to true.
#
session.phishing.protected.attributes=HTTPS_INITIAL,LAST_PATH








Come meet me at 2017 LSNA!