Bug #5709
closedCannot download XML for private datapackages shown in XSL display
0%
Description
Meei-ru pointed out that the data file downloads do work but that you get a permission error ("public not allowed") when attempting to download the EML source (qformat=xml) from the page where you are already viewing the EML (styled by skin).
I traced it down to two things:
1. "sessionid" is not included in the EML download link like it is in the data download link.
2. The default skin login form does not seem to correctly set the session cookie. I expected that in lieu of the sessionid parameter, Metacat would look at my browser cookie for the sessionid and use that. This is the case for the admin login screen and for the dev skin login. Looking briefly at the default skin login, it uses the Metacat client to do the authentication call and then manually set the cookie in the browser (at path "/knb/style/skins/default/"). Using the dev skin, the cookie is set at "/knb").
Updated by ben leinfelder about 12 years ago
Furthermore, I see that on every other refresh of the default skin's index.jsp page I am shown as logged in vs. not.
Updated by ben leinfelder about 12 years ago
I can see how this happens now: when we call the login method action on Metacat, we end up overwriting the session variables that the skin placed and therefore the skin thinks you are not logged in (even though Metacat knows you are, at least if you know your same sessionid -- that statys constant).
Really this whole process should be streamlined so that the MetacatClient is not used and we rely strictly on the action=login method of the servlet.
Updated by ben leinfelder about 12 years ago
The XSL has been updated to include sessionid.
We will not refactor default skin at this time.