Question about Dataverse login
41 views
Skip to first unread message
joe chow
Mar 29, 2022, 9:19:14 AM3/29/22
to Dataverse Users Community
Hi everyone:
I am current working on a login test. In Dataverse, user can go to the xxx.xxx/loginpage.xhtml and login again after a login.
For example, a user logined via Shibboleth before can login to the login page and login with a Dataverse local account. Also, it is possible to do Shibboleth login after a user logined with a Dataverse local account in the same browser.
For every login, Dataverse invalidates session in changeSessionId. Does it mean the previous logined account has been completely logout in Dataverse when there is a new login? Do I need to do anything to ensure the previous account is completely logout?
Thanks,
Joe
I am current working on a login test. In Dataverse, user can go to the xxx.xxx/loginpage.xhtml and login again after a login.
For example, a user logined via Shibboleth before can login to the login page and login with a Dataverse local account. Also, it is possible to do Shibboleth login after a user logined with a Dataverse local account in the same browser.
For every login, Dataverse invalidates session in changeSessionId. Does it mean the previous logined account has been completely logout in Dataverse when there is a new login? Do I need to do anything to ensure the previous account is completely logout?
Thanks,
Joe
Philip Durbin
Mar 29, 2022, 12:07:10 PM3/29/22
to dataverse...@googlegroups.com
Yes, the old account should be logged out. No, you shouldn't need to do anything to log out the first account. This is handled by the "setUser" method on the DataverseSession object: https://github.com/IQSS/dataverse/blob/v5.10/src/main/java/edu/harvard/iq/dataverse/DataverseSession.java#L128
I hope this helps,
Phil
--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/2f822d8a-7b91-4b03-be65-6af56af9be0cn%40googlegroups.com.
--
Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin
joe chow
Mar 30, 2022, 6:07:52 AM3/30/22
to Dataverse Users Community
Thank you very much, Philip.
As it may confuse user if they can do the login again after logined, I am thinking about disallowing login when the user has already logined. It is possible to hide the login form in loginpage.xhtml if the user is authenticated user. However, the user can still go to the URL xxxx.xx/shib.xhtml and do the Shibboleth login. Is it possible to block the Shibboleth login when the user has already login? Thanks.
Joe
Philip Durbin 在 2022年3月30日 星期三上午12:07:10 [UTC+8] 的信中寫道:
Philip Durbin
Mar 30, 2022, 3:55:55 PM3/30/22
to dataverse...@googlegroups.com
Hmm, that's not a bad idea. Please feel free to open an issue about this.
There's a related issue about Private URL. Basically, if you click a Private URL link when you are logged in, you are effectively logged out and then logged in as the Private URL user for that dataset: https://github.com/IQSS/dataverse/issues/6576
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/7c9f1e7c-e3a7-484d-a342-23f790faddf8n%40googlegroups.com.
Philip Durbin
Mar 31, 2022, 11:09:36 AM3/31/22
to dataverse...@googlegroups.com
Thanks for creating https://github.com/IQSS/dataverse/issues/8560 about this.
Reply all
Reply to author
Forward
0 new messages