Re: ROL-936 Session timeout causes entry post to fail

[Anil Gangolli <an...@busybuddha.org>]

Still some issues I'm looking at.

I reopened the JIRA issue, only because we aren't yet distributing the 1.0.3 
jar ourselves, and we should mark it resolved when we've incorporated it.

I downloaded 1.0.3 and tried it in our trunk build.  I've found one issue 
that I'm still trying to understand.  Basic login tests (positive and 
negative cases) and logout work.

However, if I set the Remember Me option at login, explicit logout doesn't 
work at all.   I'm logged in forever.

Emily, have you noticed this issue with 1.0.3 in your installation?

I still haven't gotten to testing that the timeout issue is in fact 
resolved.

So I've held off on checkin. Matt, if you have any clues, please let me 
know.

I think we should continue to distribute 1.0.1 with 3.1 and I hope to get 
this issue resolved and move to 1.0.3 for future releases.

--a.




----- Original Message ----- 
From: "Matt Raible" <ma...@raibledesigns.com>
To: <em...@ncsu.edu>
Cc: <ro...@incubator.apache.org>
Sent: Friday, March 16, 2007 8:02 AM
Subject: Re: ROL-936 Session timeout causes entry post to fail


> I've marked it as fixed.
>
> Thanks!
>
> Matt
>
> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>> Matt,
>>
>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>> code (org.acegisecurity was already in place).
>>
>> Maybe someone should put a note on that issue in Jira and close it out?
>> Can I just sign up for a Jira account and then do it myself?
>>
>> -emily
>>
>>
>> Matt Raible wrote:
>> > I believe it's fixed in 1.0.1.  However, many of the package names
>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know if
>> > it'll be a drop-the-jar-in-and-it-works situation.
>> >
>> > Matt
>> >
>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>> >
>> >> Anyone know if this problem is fixed in version 3.x of roller?
>> >>
>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>> >>
>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>> >> might
>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>> >> know what acego version you need for a fix?
>> >>
>> >> thanks,
>> >> -emily
>> >> --
>> >> Emily Lynema
>> >> Systems Librarian for Digital Projects
>> >> Information Technology, NCSU Libraries
>> >> 919-513-8031
>> >> emily_lynema@ncsu.edu
>> >>
>> >>
>> >
>> >
>>
>> --
>> Emily Lynema
>> Systems Librarian for Digital Projects
>> Information Technology, NCSU Libraries
>> 919-513-8031
>> emily_lynema@ncsu.edu
>>
>>
>
>
> -- 
> http://raibledesigns.com
> 

Can't logout if logged in with RememberMe cookie (Was Re: ROL-936 Session timeout causes entry post to fail)

[Anil Gangolli <an...@busybuddha.org>]

I had assumed this was a new phenomenon with the acegi-security-1.0.3.jar 
but
I'm seeing this bug in my trunk build even with the current 
acegi-security-1.0.1.jar.

Namely:  Login with RememberMe.  Now try to logout.  You can't.

The code in logout-redirect.jsp seems ineffective in canceling the acegi 
remember-me cookie.

Can anyone else confirm this is not some local problem of mine?  I think we 
need to fix this.

I am moving on to overall testing of my 3.1 installs.

--a.


----- Original Message ----- 
From: "Anil Gangolli" <an...@busybuddha.org>
To: <ro...@incubator.apache.org>; <em...@ncsu.edu>
Cc: <ro...@incubator.apache.org>
Sent: Friday, March 16, 2007 9:22 AM
Subject: Re: ROL-936 Session timeout causes entry post to fail


>
> Still some issues I'm looking at.
>
> I reopened the JIRA issue, only because we aren't yet distributing the 
> 1.0.3 jar ourselves, and we should mark it resolved when we've 
> incorporated it.
>
> I downloaded 1.0.3 and tried it in our trunk build.  I've found one issue 
> that I'm still trying to understand.  Basic login tests (positive and 
> negative cases) and logout work.
>
> However, if I set the Remember Me option at login, explicit logout doesn't 
> work at all.   I'm logged in forever.
>
> Emily, have you noticed this issue with 1.0.3 in your installation?
>
> I still haven't gotten to testing that the timeout issue is in fact 
> resolved.
>
> So I've held off on checkin. Matt, if you have any clues, please let me 
> know.
>
> I think we should continue to distribute 1.0.1 with 3.1 and I hope to get 
> this issue resolved and move to 1.0.3 for future releases.
>
> --a.
>
>
>
>
> ----- Original Message ----- 
> From: "Matt Raible" <ma...@raibledesigns.com>
> To: <em...@ncsu.edu>
> Cc: <ro...@incubator.apache.org>
> Sent: Friday, March 16, 2007 8:02 AM
> Subject: Re: ROL-936 Session timeout causes entry post to fail
>
>
>> I've marked it as fixed.
>>
>> Thanks!
>>
>> Matt
>>
>> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>>> Matt,
>>>
>>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>>> code (org.acegisecurity was already in place).
>>>
>>> Maybe someone should put a note on that issue in Jira and close it out?
>>> Can I just sign up for a Jira account and then do it myself?
>>>
>>> -emily
>>>
>>>
>>> Matt Raible wrote:
>>> > I believe it's fixed in 1.0.1.  However, many of the package names
>>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know if
>>> > it'll be a drop-the-jar-in-and-it-works situation.
>>> >
>>> > Matt
>>> >
>>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>>> >
>>> >> Anyone know if this problem is fixed in version 3.x of roller?
>>> >>
>>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>>> >>
>>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>>> >> might
>>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>>> >> know what acego version you need for a fix?
>>> >>
>>> >> thanks,
>>> >> -emily
>>> >> --
>>> >> Emily Lynema
>>> >> Systems Librarian for Digital Projects
>>> >> Information Technology, NCSU Libraries
>>> >> 919-513-8031
>>> >> emily_lynema@ncsu.edu
>>> >>
>>> >>
>>> >
>>> >
>>>
>>> --
>>> Emily Lynema
>>> Systems Librarian for Digital Projects
>>> Information Technology, NCSU Libraries
>>> 919-513-8031
>>> emily_lynema@ncsu.edu
>>>
>>>
>>
>>
>> -- 
>> http://raibledesigns.com
>>
> 

Re: ROL-936 Session timeout causes entry post to fail

[Anil Gangolli <an...@busybuddha.org>]

I've upgraded the trunk to build with acegi-security-1.0.3.jar and verified 
that it fixes the timeout issue (ROL-936).  I've re-marked the bug as 
resolved.


The Remember Me problem was independent.  I filed it as ROL-1374 and also 
fixed it, but in the trunk.

Both of these trunk fixes will miss 3.1 unless there is another 3.1 RC 
round.   If there's another 3.1 RC built for some other reason, we'll should 
try to incorporate these two fixes.

--a.

----- Original Message ----- 
From: "Emily Lynema" <em...@ncsu.edu>
To: <ro...@incubator.apache.org>
Cc: <ro...@incubator.apache.org>
Sent: Friday, March 16, 2007 11:19 AM
Subject: Re: ROL-936 Session timeout causes entry post to fail


> Anil,
>
> We have our roller authentication wrapped in campus authentication, so we 
> never actually use the roller login page. The info from our campus 
> authentication gets set in a cookie that roller checks and then uses to 
> automatically log you in. So I can't speak to the 'Remember Me' 
> functionality on the login pages. We're also using 2.1, rather than any of 
> the newer versions, so I don't know if that makes a difference.
>
> I've tested the timeout issue. I left a partially completed post open for 
> about 9 hours last night and then submitted it. Roller requested 
> re-authentication, picked the auth data back up from my campus cookie 
> (expires at 10 hours), and completed the post. If I logout explicitly from 
> roller while a post is open, then submit it, it redirects me to the campus 
> authentication and then passes successfully back through to the new entry 
> page.
>
> -emily
>
> Anil Gangolli wrote:
>>
>> Still some issues I'm looking at.
>>
>> I reopened the JIRA issue, only because we aren't yet distributing the 
>> 1.0.3 jar ourselves, and we should mark it resolved when we've 
>> incorporated it.
>>
>> I downloaded 1.0.3 and tried it in our trunk build.  I've found one issue 
>> that I'm still trying to understand.  Basic login tests (positive and 
>> negative cases) and logout work.
>>
>> However, if I set the Remember Me option at login, explicit logout 
>> doesn't work at all.   I'm logged in forever.
>>
>> Emily, have you noticed this issue with 1.0.3 in your installation?
>>
>> I still haven't gotten to testing that the timeout issue is in fact 
>> resolved.
>>
>> So I've held off on checkin. Matt, if you have any clues, please let me 
>> know.
>>
>> I think we should continue to distribute 1.0.1 with 3.1 and I hope to get 
>> this issue resolved and move to 1.0.3 for future releases.
>>
>> --a.
>>
>>
>>
>>
>> ----- Original Message ----- From: "Matt Raible" <ma...@raibledesigns.com>
>> To: <em...@ncsu.edu>
>> Cc: <ro...@incubator.apache.org>
>> Sent: Friday, March 16, 2007 8:02 AM
>> Subject: Re: ROL-936 Session timeout causes entry post to fail
>>
>>
>>> I've marked it as fixed.
>>>
>>> Thanks!
>>>
>>> Matt
>>>
>>> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>>>
>>>> Matt,
>>>>
>>>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>>>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>>>> code (org.acegisecurity was already in place).
>>>>
>>>> Maybe someone should put a note on that issue in Jira and close it out?
>>>> Can I just sign up for a Jira account and then do it myself?
>>>>
>>>> -emily
>>>>
>>>>
>>>> Matt Raible wrote:
>>>> > I believe it's fixed in 1.0.1.  However, many of the package names
>>>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know 
>>>> > if
>>>> > it'll be a drop-the-jar-in-and-it-works situation.
>>>> >
>>>> > Matt
>>>> >
>>>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>>>> >
>>>> >> Anyone know if this problem is fixed in version 3.x of roller?
>>>> >>
>>>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>>>> >>
>>>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>>>> >> might
>>>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>>>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>>>> >> know what acego version you need for a fix?
>>>> >>
>>>> >> thanks,
>>>> >> -emily
>>>> >> --
>>>> >> Emily Lynema
>>>> >> Systems Librarian for Digital Projects
>>>> >> Information Technology, NCSU Libraries
>>>> >> 919-513-8031
>>>> >> emily_lynema@ncsu.edu
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>> -- 
>>>> Emily Lynema
>>>> Systems Librarian for Digital Projects
>>>> Information Technology, NCSU Libraries
>>>> 919-513-8031
>>>> emily_lynema@ncsu.edu
>>>>
>>>>
>>>
>>>
>>> -- 
>>> http://raibledesigns.com
>>>
>>
>
> -- 
> Emily Lynema
> Systems Librarian for Digital Projects
> Information Technology, NCSU Libraries
> 919-513-8031
> emily_lynema@ncsu.edu
> 

Re: ROL-936 Session timeout causes entry post to fail

[Anil Gangolli <an...@busybuddha.org>]

I've upgraded the trunk to build with acegi-security-1.0.3.jar and verified 
that it fixes the timeout issue (ROL-936).  I've re-marked the bug as 
resolved.


The Remember Me problem was independent.  I filed it as ROL-1374 and also 
fixed it, but in the trunk.

Both of these trunk fixes will miss 3.1 unless there is another 3.1 RC 
round.   If there's another 3.1 RC built for some other reason, we'll should 
try to incorporate these two fixes.

--a.

----- Original Message ----- 
From: "Emily Lynema" <em...@ncsu.edu>
To: <ro...@incubator.apache.org>
Cc: <ro...@incubator.apache.org>
Sent: Friday, March 16, 2007 11:19 AM
Subject: Re: ROL-936 Session timeout causes entry post to fail


> Anil,
>
> We have our roller authentication wrapped in campus authentication, so we 
> never actually use the roller login page. The info from our campus 
> authentication gets set in a cookie that roller checks and then uses to 
> automatically log you in. So I can't speak to the 'Remember Me' 
> functionality on the login pages. We're also using 2.1, rather than any of 
> the newer versions, so I don't know if that makes a difference.
>
> I've tested the timeout issue. I left a partially completed post open for 
> about 9 hours last night and then submitted it. Roller requested 
> re-authentication, picked the auth data back up from my campus cookie 
> (expires at 10 hours), and completed the post. If I logout explicitly from 
> roller while a post is open, then submit it, it redirects me to the campus 
> authentication and then passes successfully back through to the new entry 
> page.
>
> -emily
>
> Anil Gangolli wrote:
>>
>> Still some issues I'm looking at.
>>
>> I reopened the JIRA issue, only because we aren't yet distributing the 
>> 1.0.3 jar ourselves, and we should mark it resolved when we've 
>> incorporated it.
>>
>> I downloaded 1.0.3 and tried it in our trunk build.  I've found one issue 
>> that I'm still trying to understand.  Basic login tests (positive and 
>> negative cases) and logout work.
>>
>> However, if I set the Remember Me option at login, explicit logout 
>> doesn't work at all.   I'm logged in forever.
>>
>> Emily, have you noticed this issue with 1.0.3 in your installation?
>>
>> I still haven't gotten to testing that the timeout issue is in fact 
>> resolved.
>>
>> So I've held off on checkin. Matt, if you have any clues, please let me 
>> know.
>>
>> I think we should continue to distribute 1.0.1 with 3.1 and I hope to get 
>> this issue resolved and move to 1.0.3 for future releases.
>>
>> --a.
>>
>>
>>
>>
>> ----- Original Message ----- From: "Matt Raible" <ma...@raibledesigns.com>
>> To: <em...@ncsu.edu>
>> Cc: <ro...@incubator.apache.org>
>> Sent: Friday, March 16, 2007 8:02 AM
>> Subject: Re: ROL-936 Session timeout causes entry post to fail
>>
>>
>>> I've marked it as fixed.
>>>
>>> Thanks!
>>>
>>> Matt
>>>
>>> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>>>
>>>> Matt,
>>>>
>>>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>>>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>>>> code (org.acegisecurity was already in place).
>>>>
>>>> Maybe someone should put a note on that issue in Jira and close it out?
>>>> Can I just sign up for a Jira account and then do it myself?
>>>>
>>>> -emily
>>>>
>>>>
>>>> Matt Raible wrote:
>>>> > I believe it's fixed in 1.0.1.  However, many of the package names
>>>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know 
>>>> > if
>>>> > it'll be a drop-the-jar-in-and-it-works situation.
>>>> >
>>>> > Matt
>>>> >
>>>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>>>> >
>>>> >> Anyone know if this problem is fixed in version 3.x of roller?
>>>> >>
>>>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>>>> >>
>>>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>>>> >> might
>>>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>>>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>>>> >> know what acego version you need for a fix?
>>>> >>
>>>> >> thanks,
>>>> >> -emily
>>>> >> --
>>>> >> Emily Lynema
>>>> >> Systems Librarian for Digital Projects
>>>> >> Information Technology, NCSU Libraries
>>>> >> 919-513-8031
>>>> >> emily_lynema@ncsu.edu
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>> -- 
>>>> Emily Lynema
>>>> Systems Librarian for Digital Projects
>>>> Information Technology, NCSU Libraries
>>>> 919-513-8031
>>>> emily_lynema@ncsu.edu
>>>>
>>>>
>>>
>>>
>>> -- 
>>> http://raibledesigns.com
>>>
>>
>
> -- 
> Emily Lynema
> Systems Librarian for Digital Projects
> Information Technology, NCSU Libraries
> 919-513-8031
> emily_lynema@ncsu.edu
> 

Re: ROL-936 Session timeout causes entry post to fail

[Emily Lynema <em...@ncsu.edu>]

Anil,

We have our roller authentication wrapped in campus authentication, so 
we never actually use the roller login page. The info from our campus 
authentication gets set in a cookie that roller checks and then uses to 
automatically log you in. So I can't speak to the 'Remember Me' 
functionality on the login pages. We're also using 2.1, rather than any 
of the newer versions, so I don't know if that makes a difference.

I've tested the timeout issue. I left a partially completed post open 
for about 9 hours last night and then submitted it. Roller requested 
re-authentication, picked the auth data back up from my campus cookie 
(expires at 10 hours), and completed the post. If I logout explicitly 
from roller while a post is open, then submit it, it redirects me to the 
campus authentication and then passes successfully back through to the 
new entry page.

-emily

Anil Gangolli wrote:
> 
> Still some issues I'm looking at.
> 
> I reopened the JIRA issue, only because we aren't yet distributing the 
> 1.0.3 jar ourselves, and we should mark it resolved when we've 
> incorporated it.
> 
> I downloaded 1.0.3 and tried it in our trunk build.  I've found one 
> issue that I'm still trying to understand.  Basic login tests (positive 
> and negative cases) and logout work.
> 
> However, if I set the Remember Me option at login, explicit logout 
> doesn't work at all.   I'm logged in forever.
> 
> Emily, have you noticed this issue with 1.0.3 in your installation?
> 
> I still haven't gotten to testing that the timeout issue is in fact 
> resolved.
> 
> So I've held off on checkin. Matt, if you have any clues, please let me 
> know.
> 
> I think we should continue to distribute 1.0.1 with 3.1 and I hope to 
> get this issue resolved and move to 1.0.3 for future releases.
> 
> --a.
> 
> 
> 
> 
> ----- Original Message ----- From: "Matt Raible" <ma...@raibledesigns.com>
> To: <em...@ncsu.edu>
> Cc: <ro...@incubator.apache.org>
> Sent: Friday, March 16, 2007 8:02 AM
> Subject: Re: ROL-936 Session timeout causes entry post to fail
> 
> 
>> I've marked it as fixed.
>>
>> Thanks!
>>
>> Matt
>>
>> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>>
>>> Matt,
>>>
>>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>>> code (org.acegisecurity was already in place).
>>>
>>> Maybe someone should put a note on that issue in Jira and close it out?
>>> Can I just sign up for a Jira account and then do it myself?
>>>
>>> -emily
>>>
>>>
>>> Matt Raible wrote:
>>> > I believe it's fixed in 1.0.1.  However, many of the package names
>>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know if
>>> > it'll be a drop-the-jar-in-and-it-works situation.
>>> >
>>> > Matt
>>> >
>>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>>> >
>>> >> Anyone know if this problem is fixed in version 3.x of roller?
>>> >>
>>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>>> >>
>>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>>> >> might
>>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>>> >> know what acego version you need for a fix?
>>> >>
>>> >> thanks,
>>> >> -emily
>>> >> --
>>> >> Emily Lynema
>>> >> Systems Librarian for Digital Projects
>>> >> Information Technology, NCSU Libraries
>>> >> 919-513-8031
>>> >> emily_lynema@ncsu.edu
>>> >>
>>> >>
>>> >
>>> >
>>>
>>> -- 
>>> Emily Lynema
>>> Systems Librarian for Digital Projects
>>> Information Technology, NCSU Libraries
>>> 919-513-8031
>>> emily_lynema@ncsu.edu
>>>
>>>
>>
>>
>> -- 
>> http://raibledesigns.com
>>
> 

-- 
Emily Lynema
Systems Librarian for Digital Projects
Information Technology, NCSU Libraries
919-513-8031
emily_lynema@ncsu.edu

Re: ROL-936 Session timeout causes entry post to fail

[Matt Raible <ma...@raibledesigns.com>]

On 3/16/07, Anil Gangolli <an...@busybuddha.org> wrote:
>
> Still some issues I'm looking at.
>
> I reopened the JIRA issue, only because we aren't yet distributing the 1.0.3
> jar ourselves, and we should mark it resolved when we've incorporated it.
>
> I downloaded 1.0.3 and tried it in our trunk build.  I've found one issue
> that I'm still trying to understand.  Basic login tests (positive and
> negative cases) and logout work.
>
> However, if I set the Remember Me option at login, explicit logout doesn't
> work at all.   I'm logged in forever.

We had this problem in AppFuse with the LogoutFilter.  In the latest
release, we've reverted to using a logout.jsp.

Matt

>
> Emily, have you noticed this issue with 1.0.3 in your installation?
>
> I still haven't gotten to testing that the timeout issue is in fact
> resolved.
>
> So I've held off on checkin. Matt, if you have any clues, please let me
> know.
>
> I think we should continue to distribute 1.0.1 with 3.1 and I hope to get
> this issue resolved and move to 1.0.3 for future releases.
>
> --a.
>
>
>
>
> ----- Original Message -----
> From: "Matt Raible" <ma...@raibledesigns.com>
> To: <em...@ncsu.edu>
> Cc: <ro...@incubator.apache.org>
> Sent: Friday, March 16, 2007 8:02 AM
> Subject: Re: ROL-936 Session timeout causes entry post to fail
>
>
> > I've marked it as fixed.
> >
> > Thanks!
> >
> > Matt
> >
> > On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
> >> Matt,
> >>
> >> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
> >> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
> >> code (org.acegisecurity was already in place).
> >>
> >> Maybe someone should put a note on that issue in Jira and close it out?
> >> Can I just sign up for a Jira account and then do it myself?
> >>
> >> -emily
> >>
> >>
> >> Matt Raible wrote:
> >> > I believe it's fixed in 1.0.1.  However, many of the package names
> >> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know if
> >> > it'll be a drop-the-jar-in-and-it-works situation.
> >> >
> >> > Matt
> >> >
> >> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
> >> >
> >> >> Anyone know if this problem is fixed in version 3.x of roller?
> >> >>
> >> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
> >> >>
> >> >> We are experiencing this problem on roller 2.1. It sounded like it
> >> >> might
> >> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
> >> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
> >> >> know what acego version you need for a fix?
> >> >>
> >> >> thanks,
> >> >> -emily
> >> >> --
> >> >> Emily Lynema
> >> >> Systems Librarian for Digital Projects
> >> >> Information Technology, NCSU Libraries
> >> >> 919-513-8031
> >> >> emily_lynema@ncsu.edu
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> Emily Lynema
> >> Systems Librarian for Digital Projects
> >> Information Technology, NCSU Libraries
> >> 919-513-8031
> >> emily_lynema@ncsu.edu
> >>
> >>
> >
> >
> > --
> > http://raibledesigns.com
> >
>
>


-- 
http://raibledesigns.com

Re: ROL-936 Session timeout causes entry post to fail

[Emily Lynema <em...@ncsu.edu>]

Anil,

We have our roller authentication wrapped in campus authentication, so 
we never actually use the roller login page. The info from our campus 
authentication gets set in a cookie that roller checks and then uses to 
automatically log you in. So I can't speak to the 'Remember Me' 
functionality on the login pages. We're also using 2.1, rather than any 
of the newer versions, so I don't know if that makes a difference.

I've tested the timeout issue. I left a partially completed post open 
for about 9 hours last night and then submitted it. Roller requested 
re-authentication, picked the auth data back up from my campus cookie 
(expires at 10 hours), and completed the post. If I logout explicitly 
from roller while a post is open, then submit it, it redirects me to the 
campus authentication and then passes successfully back through to the 
new entry page.

-emily

Anil Gangolli wrote:
> 
> Still some issues I'm looking at.
> 
> I reopened the JIRA issue, only because we aren't yet distributing the 
> 1.0.3 jar ourselves, and we should mark it resolved when we've 
> incorporated it.
> 
> I downloaded 1.0.3 and tried it in our trunk build.  I've found one 
> issue that I'm still trying to understand.  Basic login tests (positive 
> and negative cases) and logout work.
> 
> However, if I set the Remember Me option at login, explicit logout 
> doesn't work at all.   I'm logged in forever.
> 
> Emily, have you noticed this issue with 1.0.3 in your installation?
> 
> I still haven't gotten to testing that the timeout issue is in fact 
> resolved.
> 
> So I've held off on checkin. Matt, if you have any clues, please let me 
> know.
> 
> I think we should continue to distribute 1.0.1 with 3.1 and I hope to 
> get this issue resolved and move to 1.0.3 for future releases.
> 
> --a.
> 
> 
> 
> 
> ----- Original Message ----- From: "Matt Raible" <ma...@raibledesigns.com>
> To: <em...@ncsu.edu>
> Cc: <ro...@incubator.apache.org>
> Sent: Friday, March 16, 2007 8:02 AM
> Subject: Re: ROL-936 Session timeout causes entry post to fail
> 
> 
>> I've marked it as fixed.
>>
>> Thanks!
>>
>> Matt
>>
>> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>>
>>> Matt,
>>>
>>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>>> code (org.acegisecurity was already in place).
>>>
>>> Maybe someone should put a note on that issue in Jira and close it out?
>>> Can I just sign up for a Jira account and then do it myself?
>>>
>>> -emily
>>>
>>>
>>> Matt Raible wrote:
>>> > I believe it's fixed in 1.0.1.  However, many of the package names
>>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know if
>>> > it'll be a drop-the-jar-in-and-it-works situation.
>>> >
>>> > Matt
>>> >
>>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>>> >
>>> >> Anyone know if this problem is fixed in version 3.x of roller?
>>> >>
>>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>>> >>
>>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>>> >> might
>>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>>> >> know what acego version you need for a fix?
>>> >>
>>> >> thanks,
>>> >> -emily
>>> >> --
>>> >> Emily Lynema
>>> >> Systems Librarian for Digital Projects
>>> >> Information Technology, NCSU Libraries
>>> >> 919-513-8031
>>> >> emily_lynema@ncsu.edu
>>> >>
>>> >>
>>> >
>>> >
>>>
>>> -- 
>>> Emily Lynema
>>> Systems Librarian for Digital Projects
>>> Information Technology, NCSU Libraries
>>> 919-513-8031
>>> emily_lynema@ncsu.edu
>>>
>>>
>>
>>
>> -- 
>> http://raibledesigns.com
>>
> 

-- 
Emily Lynema
Systems Librarian for Digital Projects
Information Technology, NCSU Libraries
919-513-8031
emily_lynema@ncsu.edu