Posted to dev@roller.apache.org by Anil Gangolli <an...@busybuddha.org> on 2005/12/17 18:54:42 UTC

authentication/timeout bug in the trunk sources

Authentication during a post/save draft operation after the session has 
timed out no longer works in the trunk.  One gets the login page, but 
after re-authenticating, one gets a Permission Denied error page.  I 
verified on my site this didn't happen in 2.0.

Matt (Raible), perhaps you could make/suggest a quick adjustment to the 
Acegi config to correct this?  Otherwise I'll file a bug and start 
looking at what's going on.

One can reproduce this by dropping cookies in Firefox after logging in 
and getting to the edit entry page and before submitting, or by changing 
the session timeout parameter in the web.xml to a ridiculously small 
value and just waiting a bit; it's in minutes; I used 2 in my test.

--a.


Re: authentication/timeout bug in the trunk sources

Posted by Anil Gangolli <an...@busybuddha.org>.
I was hoping there was a quick fix.  I'd rather not abandon Acegi for 
this.  I'll file a bug and we can try to figure out how to approach 
this.  --a.

Matt Raible wrote:

>On 12/17/05, Anil Gangolli <an...@busybuddha.org> wrote:
>  
>
>>Authentication during a post/save draft operation after the session has
>>timed out no longer works in the trunk.  One gets the login page, but
>>after re-authenticating, one gets a Permission Denied error page.  I
>>verified on my site this didn't happen in 2.0.
>>
>>Matt (Raible), perhaps you could make/suggest a quick adjustment to the
>>Acegi config to correct this?  Otherwise I'll file a bug and start
>>looking at what's going on.
>>    
>>
>
>I believe this is a bug in Acegi.  There's a fix provided in the
>following post, but it'd be nice to fix it in Acegi.
>
>http://jroller.com/page/agrebnev?entry=how_do_not_lose_data
>
>Of course, if we implement an "auto-save" like GMail has, this
>probably won't be such a big issue.  But if we can't fix it, we should
>probably revert back to CMA as I see this as a huge limitation.
>
>For the record, I've been using Acegi Security on my site for the past
>month and haven't had any issues - or lost any posts.
>
>Matt
>  
>
>>One can reproduce this by dropping cookies in Firefox after logging in
>>and getting to the edit entry page and before submitting, or by changing
>>the session timeout parameter in the web.xml to a ridiculously small
>>value and just waiting a bit; it's in minutes; I used 2 in my test.
>>
>>--a.


Re: authentication/timeout bug in the trunk sources

Posted by Matt Raible <mr...@gmail.com>.
On 12/17/05, Anil Gangolli <an...@busybuddha.org> wrote:
>
> Authentication during a post/save draft operation after the session has
> timed out no longer works in the trunk.  One gets the login page, but
> after re-authenticating, one gets a Permission Denied error page.  I
> verified on my site this didn't happen in 2.0.
>
> Matt (Raible), perhaps you could make/suggest a quick adjustment to the
> Acegi config to correct this?  Otherwise I'll file a bug and start
> looking at what's going on.

I believe this is a bug in Acegi.  There's a fix provided in the
following post, but it'd be nice to fix it in Acegi.

http://jroller.com/page/agrebnev?entry=how_do_not_lose_data

Of course, if we implement an "auto-save" like GMail has, this
probably won't be such a big issue.  But if we can't fix it, we should
probably revert back to CMA as I see this as a huge limitation.

For the record, I've been using Acegi Security on my site for the past
month and haven't had any issues - or lost any posts.

Matt

>
> One can reproduce this by dropping cookies in Firefox after logging in
> and getting to the edit entry page and before submitting, or by changing
> the session timeout parameter in the web.xml to a ridiculously small
> value and just waiting a bit; it's in minutes; I used 2 in my test.
>
> --a.