[Seaside] BUG: Basic authentication
Julian Fitzell
julian at beta4.com
Wed Aug 31 04:39:33 CEST 2005
Hmm... I can't reproduce this obviously with Seaside 2.5.
The two applications obviously have different basePath's and it is the
basePath that Seaside uses by default as the realm for HTTP Basic
Authentication. As long as the applications are providing different
authentication realms, the user should be reprompted for a password. If this
is not the case, this is obviously a browser bug.
Can you confirm which version of seaside you're using and perhaps how you are
setting up the authenticated applications... is there any reason they would
actually be using the same realm?
Julian
Quoting Mart-Mari Breedt <breedt_m at aircom.co.za>:
> Hallo all,
>
>
>
> We have the following problem. Consider you have two instances of the
> same seaside application, each set up with basic authentication.
> Example, you have two instances of the counter application (named
> counter1 and counter2) with username=admin and password=seaside on both.
>
>
>
>
> When you log on to seaside/counter1, you would be prompted for a
> username and password. (Which is correct...) When you now log on to
> seaside/counter2 (from the same browser session) you would NOT be
> prompted for a username and password. The WARequest object contains the
> previous username and password and since it is the same as the username
> and password for this application, you are automatically validated. This
> (We believe) is a bug, since you should have been prompted for a new
> username and password for two reasons. One: Because you are starting a
> new session and Two: Because you are accessing a totally different
> application instance.
>
>
>
> Does anyone have any ideas or previous experiences on fixing this?
>
>
>
> Thank you,
>
>
>
> Mart-Mari
>
>
>
>
>
>
--
julian at beta4.com
Beta4 Productions (http://www.beta4.com)
More information about the Seaside
mailing list