Hello Florian, you might want to ask this question on the jetty mailing list as this seems to be not really specific to BaseX. You most likely also will get a more useful response as we are no jetty experts per se. However, I also couldn't find any HashLoginModule in our default jetty.xml (and I did a quick google search and could find anything), so I am not really sure what you actually do. Might be useful to post the relevant part of your jetty.xml. Btw, in our RestXQ-based applications we mainly use application-defined authentication, i.e. we first check the proper login within each output function, so something like: if(not(_:logged-in())) then () else where _:logged-in() is simply declare function _:logged-in() as xs:boolean { boolean(_:id()) }; and we set the session variable during login. Cheers, Dirk On 08/26/2013 11:25 AM, Florian Eckey wrote:

Hey,

I have a problem with the jetty authentication. I use the HashLoginModule, which is configured in the jetty.xml. The problem is, that I find no way to write the username in the session, so after login I have no username to deal with. Has anyone solved the same or a similar problem? Or are there any tips how to implement a secure login, after that I can use the entered username in the session?

regards

Florian

_______________________________________________ BaseX-Talk mailing list BaseX-Talk@mailman.uni-konstanz.de https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk

-- Dirk Kirsten, BaseX GmbH, http://basex.org |-- Firmensitz: Blarerstrasse 56, 78462 Konstanz |-- Registergericht Freiburg, HRB: 708285, Geschäftsführer: | Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle `-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22