In eXist 4.7 I implemented the persistentlogin in my controller.xql and I have noticed that it does not "persist" very long in my eXist web app ("thema"), whereas the eXide web app in the same eXist instance, using the same login function, persists authenticated status as expected.

Specifically, if I am logged in to both in the evening, the next morning eXide is still logged in (i.e. authenticated = true), and my app is not.

I implemented it as follows, with duration set at 30 days ("P30D"):

```xquery
import module namespace login="http://exist-db.org/xquery/login" at "resource:org/exist/xquery/modules/persistentlogin/login.xql";

let $duration := request:set-attribute("duration", "P30D")
let $set-user := login:set-user("org.exist.thema", (), false())
```

So I've further tested the persistence in my web app and I find that the login "disappears" (loses authentication?) after about an hour of being non-active on the site.

Is there some other eXist setting I've missed in configuring this?

The only documentation I've been able to find on this is in the notes in the code of login.xql: https://github.com/eXist-db/exist/blob/develop/extensions/modules/persistentlogin/src/main/resources/org/exist/xquery/modules/persistentlogin/login.xql

jbrehr
  • I'd suggest referencing the eXist source code at https://github.com/eXist-db/exist/blob/develop/extensions/modules/persistentlogin/src/main/resources/org/exist/xquery/modules/persistentlogin/login.xql. Also, I think you'd have a syntax error without quotes around `org.exist.thema`, right? – Joe Wicentowski Sep 08 '19 at 22:10
  • Have you compared the contents of the two applications’ cookies using your browser’s developer tools? Are there any differences? – Joe Wicentowski Sep 09 '19 at 00:38
  • Which version of eXist? – Joe Wicentowski Sep 09 '19 at 01:04
  • @joewiz eXist 4.7 - post updated. – jbrehr Sep 09 '19 at 05:26
  • I compared the two cookies after logging in, both eXide and my app, and they are identical (even the same `JSESSIONID`). btw `org.exist.thema` was a typo only in my post, not in my actual code. – jbrehr Sep 09 '19 at 05:37

1 Answer

According to the source code for the login module, there are two ways to designate the duration for the login session:

  1. Via the `$maxAge` parameter of the `login:set-user` function
  2. Via a `duration` request parameter (which overrides the `$maxAge` parameter when present)

In your code, you are setting a duration request attribute, not a request parameter; for more on the difference, see this answer. This explains why the login module is completely ignoring your attempts to declare a duration.

To fix your problem, you could either (1) change to the first method:

```xquery
login:set-user("org.exist.thema", xs:dayTimeDuration("P30D"), false())
```

... or (2) submit the request parameter in your login form, as eXide does in its login form; see https://github.com/eXist-db/eXide/blob/master/index.html.tmpl#L505-L528.

Joe Wicentowski
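
The first fix in context, as an added example that is not part of the original answer or of the eXist code base: a minimal controller.xql that passes the 30-day lifetime as `$maxAge` and forwards unauthenticated requests to a login page. The `login.html` page name and the lookup of the `<domain>.user` request attribute are assumptions, not taken from the thread.

```xquery
xquery version "3.1";

(: Added example; login.html is a hypothetical page in the app. :)
import module namespace login="http://exist-db.org/xquery/login"
    at "resource:org/exist/xquery/modules/persistentlogin/login.xql";

declare variable $exist:path external;
declare variable $exist:controller external;

(: Login domain from the question. :)
let $domain := "org.exist.thema"

(: What the question did: a request attribute is server-side state on the
   current request. The login module looks for a "duration" request
   *parameter*, so this line never reaches it:
     request:set-attribute("duration", "P30D")                            :)

(: Fix (1): pass the lifetime as $maxAge. A "duration" parameter submitted
   by a login form still overrides this value when present, so the form
   decides the lifetime whenever it sends one.                            :)
let $login := login:set-user($domain, xs:dayTimeDuration("P30D"), false())

(: Assumption: the module publishes the authenticated user name as the
   request attribute "<domain>.user".                                     :)
let $user := request:get-attribute($domain || ".user")
return
    if (empty($user) and not(ends-with($exist:path, "login.html"))) then
        (: Not authenticated: show the login form instead of the resource. :)
        <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
            <forward url="{$exist:controller}/login.html"/>
            <cache-control cache="no"/>
        </dispatch>
    else
        (: Authenticated, or already on the login page: serve as requested. :)
        <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
            <cache-control cache="no"/>
        </dispatch>
```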