I am authenticating a username/password to a Web App (Windchill Web interface). When I log in the first time with user #1 everything works as expected. When I log in with user #2, it appears that for some links within the interface I am user #1 and others user #2. If i continue to log in with different users, the app gets to a state where it returns an error stating "Unauthorized Access Contact Your System Administrator". At that point, the only way I seem to be able to get back to a clean environment is to restart Tomcat(Restarting Convertigo, killing off the connections, etc. didn't resolve the state).

My questions:

1. For each log in from the same browser window I get the same context in Convertigo. Is this expected?

2. Could this be an issue with how the login/passwords are cached?

3. Is there more than 1 way to authenticate using Convertigo that may fix this issue?

1. For each log in from the same browser window I get the same context in Convertigo. Is this expected?

Yes. For more info on how Convertigo contexts work, have a look at these :

http://doc.convertigo.com/JSPWiki/Wiki.jsp?page=Contexts

and

www.convertigo.com/en/articles/technical...nd-cems-context.html

2. Could this be an issue with how the login/passwords are cached?
Could be. Hard to say right now, I shall have a look at the application in order to know more. But when a stateless transaction is called, the connector sort of renew itself upon reconnection. That means no cookies, no cache... so we should start with a clean slate.

3. Is there more than 1 way to authenticate using Convertigo that may fix this issue?
Possibly. It depends on the target web application. But do you have the same symptom if you close the browser and re-open it ?

Further investigation shows that this issue has already been encountered and solved.
The missing information is that we deal with a basic authentication here (and not the usual login/password fields in a form).

I hereunder copy a solution from our knowledge base that describes what has to be done. The "Force basic" setting is available only for Convertigo versions 5.0.8 and sup.
Also, since basic auth info is stored in the engine, once you set the "Force basic" setting to true, and if you already logged on the website in this work session, you have to restart your studio/server to flush any previous value that could be stored in the engine.

Solution : (from http://www.convertigo.com/en/how-to.html)

How can I manage the basic HTTP authentication with username and password as variables?

There is a special statement to do so. Follow the guidelines:

On your authentication transaction:

* create a TransactionStarted handler
* on this handler add a statement called : Credentials Statement
* set the Force basic setting in the statement to "true"
* add 2 variables on your transaction (for instance user and pwd)
* on the properties of the Credentials Statement, set Password and User properties to the related variables

I don't have a salesforce account to login to see the knowledgebase

I am still having http authentication issues into Windchill web interface. The scenario is that I am trying to use the force basic authentication per the solution. This works correct the first time the application is run.

I am setting new contexts for each new user trying to login (in hopes of getting a clean slate). Each new user still gets logged in as the original login and in some instances, I am seeing partial data from both users. More so, I can enter an invalid user/pwd and it still logs in. (NO doubt that this is partially the target application's behavior, but unfortunately, I have no control over the target app )

Finally, if i do provide a bad login from the start, Convertigo just seems to hang with a white screen. How should invalid logins be handled in Convertigo for basic http authentication?

I am still having http authentication issues into Windchill web interface. The scenario is that I am trying to use the force basic authentication per the solution. This works correct the first time the application is run.

I am setting new contexts for each new user trying to login (in hopes of getting a clean slate). Each new user still gets logged in as the original login and in some instances, I am seeing partial data from both users. More so, I can enter an invalid user/pwd and it still logs in. (NO doubt that this is partially the target application's behavior, but unfortunately, I have no control over the target app )

Finally, if i do provide a bad login from the start, Convertigo just seems to hang with a white screen. How should invalid logins be handled in Convertigo for basic http authentication?