Can't logout if logged in with RememberMe cookie (Was Re: ROL-936 Session timeout causes entry post to fail)

[Anil Gangolli <an...@busybuddha.org>]

I had assumed this was a new phenomenon with the acegi-security-1.0.3.jar 
but
I'm seeing this bug in my trunk build even with the current 
acegi-security-1.0.1.jar.

Namely:  Login with RememberMe.  Now try to logout.  You can't.

The code in logout-redirect.jsp seems ineffective in canceling the acegi 
remember-me cookie.

Can anyone else confirm this is not some local problem of mine?  I think we 
need to fix this.

I am moving on to overall testing of my 3.1 installs.

--a.


----- Original Message ----- 
From: "Anil Gangolli" <an...@busybuddha.org>
To: <ro...@incubator.apache.org>; <em...@ncsu.edu>
Cc: <ro...@incubator.apache.org>
Sent: Friday, March 16, 2007 9:22 AM
Subject: Re: ROL-936 Session timeout causes entry post to fail


>
> Still some issues I'm looking at.
>
> I reopened the JIRA issue, only because we aren't yet distributing the 
> 1.0.3 jar ourselves, and we should mark it resolved when we've 
> incorporated it.
>
> I downloaded 1.0.3 and tried it in our trunk build.  I've found one issue 
> that I'm still trying to understand.  Basic login tests (positive and 
> negative cases) and logout work.
>
> However, if I set the Remember Me option at login, explicit logout doesn't 
> work at all.   I'm logged in forever.
>
> Emily, have you noticed this issue with 1.0.3 in your installation?
>
> I still haven't gotten to testing that the timeout issue is in fact 
> resolved.
>
> So I've held off on checkin. Matt, if you have any clues, please let me 
> know.
>
> I think we should continue to distribute 1.0.1 with 3.1 and I hope to get 
> this issue resolved and move to 1.0.3 for future releases.
>
> --a.
>
>
>
>
> ----- Original Message ----- 
> From: "Matt Raible" <ma...@raibledesigns.com>
> To: <em...@ncsu.edu>
> Cc: <ro...@incubator.apache.org>
> Sent: Friday, March 16, 2007 8:02 AM
> Subject: Re: ROL-936 Session timeout causes entry post to fail
>
>
>> I've marked it as fixed.
>>
>> Thanks!
>>
>> Matt
>>
>> On 3/16/07, Emily Lynema <em...@ncsu.edu> wrote:
>>> Matt,
>>>
>>> Thanks. I just popped in the 1.0.3 acegi jar, and the problem is fixed.
>>> The move from 1.0.0 RC2 to 1.0.3 didn't require any adjustments to the
>>> code (org.acegisecurity was already in place).
>>>
>>> Maybe someone should put a note on that issue in Jira and close it out?
>>> Can I just sign up for a Jira account and then do it myself?
>>>
>>> -emily
>>>
>>>
>>> Matt Raible wrote:
>>> > I believe it's fixed in 1.0.1.  However, many of the package names
>>> > changed (net.sf.acegisecurity -> org.acegisecurity) so I don't know if
>>> > it'll be a drop-the-jar-in-and-it-works situation.
>>> >
>>> > Matt
>>> >
>>> > On 3/14/07, Emily Lynema <em...@ncsu.edu> wrote:
>>> >
>>> >> Anyone know if this problem is fixed in version 3.x of roller?
>>> >>
>>> >> http://opensource.atlassian.com/projects/roller/browse/ROL-936
>>> >>
>>> >> We are experiencing this problem on roller 2.1. It sounded like it 
>>> >> might
>>> >> be an Acegi problem, so I checked our WEB-INF/lib and we have the
>>> >> 1.0.0-RC2 acegi-security jar file. If it's an Acegi problem, anybody
>>> >> know what acego version you need for a fix?
>>> >>
>>> >> thanks,
>>> >> -emily
>>> >> --
>>> >> Emily Lynema
>>> >> Systems Librarian for Digital Projects
>>> >> Information Technology, NCSU Libraries
>>> >> 919-513-8031
>>> >> emily_lynema@ncsu.edu
>>> >>
>>> >>
>>> >
>>> >
>>>
>>> --
>>> Emily Lynema
>>> Systems Librarian for Digital Projects
>>> Information Technology, NCSU Libraries
>>> 919-513-8031
>>> emily_lynema@ncsu.edu
>>>
>>>
>>
>>
>> -- 
>> http://raibledesigns.com
>>
>