M
Mike Fechner
Guest
[quote user="Peter Judge"] I would expect what you're seeing in 11.6 since the Spring Security layer is in charge of creating and managing/storing the token (C-P). If you want a different domain then I would expect a whole new authentication process to happen since domains are the cornerstone of OE security. [/quote] That is the response I was afraid of getting ... [quote user="Peter Judge"] If "new login company" means "change some attributes/properties but the domain stays the same" then we/OE may want to look further into storing a changed CP under the same key (ie the JSESSIONID). [/quote] I'm using what's currently there in the CP: username and domain and domain translates into a company. So in order to change the company (without needing to re-authenticate the user) I was hoping to replace the CP (which is managed and stored by the sping/rest manager stuff) with a CP with the new values. So if I get you right - that would require an OE product enhancement? May it be the ability to replace the CP or have additional attributes that spring or the rest manager store for us? So going with the session-id from the CP and storing the actual login company in a session context DB table might be a quick fix then until that enhancement might be implemented?
Continue reading...
Continue reading...