There is something fishy going on with the RememberMe authentication provider. When I log in as a certain user, there are two cookies that are dropped: a RememberMe token cookie, and a JSESSION cookie.
If I delete the JSESSION cookie and try to access an page that requires authentication, the RememberMe authentication provider works just fine and I am re-authenticated (in the process a new JSESSION cookie is dropped). However, if I delete the RememberMe token cookie and try to access a page that requires authentication, ACEGI will pull the existing SecureContext out of the session based on the JSESSION token claim I am authenticated. This behavior is fine except that no new RememberMe token cookie was dropped. What gives? Nathan ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
