[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Consumer cookie handling use cases
Hello all, Sorry to take so long to get the use-cases out for this. As I understand the issue, we have a mis-match between different consumers' handling of cookies set by producer portlets and how they are shared with other producers accessed by the consumer for the same user. Use case 1: sharing cookies with other producers. A consumer is consuming portlets from producer A and producer B; if one of the portlets on producer A sets an authentication cookie for single-sign-on functionality, portlets on producer B would want to receive that cookie to prevent the user from having to authenticate with a portlet on producer B as well. Use case 2: isolating cookies to individual producers A consumer is consuming portlets from producer C and producer D. A portlet on producer C may set the same cookie name (with different semantics) as a portlet on producer D; these cookies ideally would not collide but be provided to each producer as they were set for that producer. Alternately, producer C and D may be from different organizations, and authentication-type cookies should not be shared between the producers for security reasons. I believe both are valid use-cases. Kevin
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]