Create session cookie so headers are only needed on login page

Currently the headers are needed on every page. When the headers are gone, you are no longer logged in. It would be useful if you stay logged in. Then a frontend server (nginx, Apache) only needs to check for example SAML or CAS only for one, or a few, pages.

- We can set an `__ac` cookie by calling [`self._getPAS().updateCredentials`](https://github.com/zopefoundation/Products.PluggableAuthService/blob/master/Products/PluggableAuthService/PluggableAuthService.py#L1140-L1156).
- That will call [`updateCredentials` from `plone.session`](https://github.com/plone/plone.session/blob/master/plone/session/plugins/session.py#L239-L245).
- For that call to work, a user must be found. That can only work when our plugin supports `enumerateUsers`, although possibly a user with the same id can be found from LDAP or elsewhere.

So:

1. Implement enumerateUsers (this will either return one user or none, depending on the headers).
2. Call `updateCredentials`. I think we would call this from `authenticateCredentials`.

Ah, or we would just call [`_setupSession`](https://github.com/plone/plone.session/blob/master/plone/session/plugins/session.py#L147) from plone.session directly.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Create session cookie so headers are only needed on login page #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Create session cookie so headers are only needed on login page #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions