0

I'm doing a simple login as follows 

    def login() {
          session.auth = true
          redirect(uri: request.getHeader('referer'))
    }

   <g:form controller="login" action="login">
          <input type="password" placeholder="Password" name="password">
          <button type="submit">Submit</button>
   </g:form>

When submitting the user gets logged in an the session is created but if the page is refreshed authentication is lost (when deployed to tomcat 7).

Now this test seems to fail after page refresh

<g:if test="${session.auth}">

Everything works fine when builing with eclipse but breaks down in tomcat.

Does anyone know how can I fix this? I would prefer not to add additional security plugins to the app. Can it be done with cookies or some other way?

Related issue Grails 2.1.0 app tomcat 7.0.22 Session empty after redirect

*I know that it's not secure in any way, it is a temporary solution to mimic logging.

Community
  • 1
  • 1
user3960875
  • 965
  • 1
  • 13
  • 24
  • session is tied to a cookie value usually called JSESSIONID. Examine the cookie value and see if the value being sent to the server is the same. – getbuckts Jul 01 '15 at 22:20
  • cookie value seems to change on every page refresh in tomcat but is always the same when running from eclipse. – user3960875 Jul 02 '15 at 05:02
  • is the browser set to not allow cookies? what browser are you using? – getbuckts Jul 02 '15 at 22:25
  • @getbuckts I'm using chrome. But it seems that it's tomcat's problem because I installed another instace of same tomcat version on separate server and the app runs fine in there. – user3960875 Jul 03 '15 at 06:45

0 Answers0