  1. AdMaxLocal
  2. AML-663

Ensure Login Sessions Are 'Realm' Specific

    Details

    • Sprint:
      Sprint 11

      Description

      When a user is logged in, a security token is created. That token is getting stored in either a browser's 'LocalStorage' data store, or into a cookie if LocalStorage isn't available.

      The existence of that value is used when determining if a user should be displayed a login box or not. We need to ensure that the security token is stored in such a way that we can support (1) multiple realms concurrently, and (2) security tokens from one realm aren't mistakenly used for a different realm.

      Realm Selection:
      There are 2 ways to select a realm:

      1) The normal mechanism for Realm selection is to visit admax local with a different subdomain, e.g. the optus realm is accessed by visiting optus.admaxlocal.com, whereas the yell realm by going to yell.admaxlocal.com.

      2) We do support forcing the realm via a query string parameter, e.g. ?realm=optus, which can mean that a single URL could represent multiple realms. It isn't clear that the second mechanism is something we want to support in production, however it is in place currently, so should be supported.

      The second mechanism isn't working currently. If you log into 'optus' realm, then open another browser tab and log into 'thesearchagency' realm, the attempt to log into 'thesearchagency' will skip the login page, and show that you are logged in as the optus reseller.
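
One way to meet both requirements, as an added example rather than AdMaxLocal's own code: the token is stored under a key that includes the realm, and the stored record repeats the realm so a mismatched entry is rejected on read. The names `resolveRealm`, `RealmTokenStore`, `needsLogin` and the `securityToken:` key prefix are assumptions; the storage object is injected so a LocalStorage or cookie-backed adapter can sit behind the same interface.

```javascript
// Added example with hypothetical names; not code from the AdMaxLocal project.
const BASE_DOMAIN = 'admaxlocal.com';   // taken from the ticket's example hosts
const KEY_PREFIX = 'securityToken:';    // assumed key prefix

// Realm selection as the ticket describes it: ?realm= wins, else the subdomain.
function resolveRealm(href) {
  const url = new URL(href);
  let realm = url.searchParams.get('realm');
  if (!realm) {
    const host = url.hostname.toLowerCase();
    if (host.endsWith('.' + BASE_DOMAIN)) {
      realm = host.slice(0, -(BASE_DOMAIN.length + 1));
    }
  }
  // Accept only a single DNS-style label so the realm cannot smuggle
  // separators into a storage key or cookie name.
  realm = realm ? realm.toLowerCase() : '';
  return /^[a-z0-9-]{1,63}$/.test(realm) ? realm : null;
}

// `storage` needs getItem/setItem/removeItem, like window.localStorage.
class RealmTokenStore {
  constructor(storage) { this.storage = storage; }
  save(realm, token) {
    this.storage.setItem(KEY_PREFIX + realm, JSON.stringify({ realm, token }));
  }
  load(realm) {
    const raw = this.storage.getItem(KEY_PREFIX + realm);
    if (raw == null) return null;
    try {
      const rec = JSON.parse(raw);
      // Second check: the record itself must name the realm being asked for.
      return rec && rec.realm === realm && typeof rec.token === 'string' ? rec.token : null;
    } catch { return null; }   // corrupt entry is treated as "not logged in"
  }
  clear(realm) { this.storage.removeItem(KEY_PREFIX + realm); }
}

// The login box decision is made per realm, never on "some token exists".
function needsLogin(href, store) {
  const realm = resolveRealm(href);
  return realm === null || store.load(realm) === null;
}

// In-memory stand-in for localStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return { getItem: k => (m.has(k) ? m.get(k) : null),
           setItem: (k, v) => { m.set(k, String(v)); },
           removeItem: k => { m.delete(k); } };
}
```

LocalStorage is already separated per origin, so the subdomain mechanism only collides when a cookie is scoped to the parent domain; the `?realm=` mechanism shares one origin and therefore always needs the realm in the key.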

            People

            • Assignee:
              caitlyn Caitlyn Duggan (Inactive)
              Reporter:
              mholly Mike Holly