Hi Mark. > Once you have successfully changed the password, you will also need to > do the following (if you havent already)... > > - remove the user from the cache, (if you are caching the credentials)
I'm not using any cache. > - replace the token with the new credentials and update the context holder Yes, this is what I've already done for solving the problem ... but I think that Acegi should manage this kind of "credentials refresh" automatically, because it is not so intuitive and may cause problems to not experienced programmers. Moreover, have you considered my first point? Why does Acegi try to re-authenticate the user, even if it is already authenticated? And why does this happen only sometimes? For example, sometimes I login and change the password, then browse some pages and all works well ... then, without any reason, Acegi fires the authentication process again ... I'll try to investigate and let you know. Thanks, Regards, Sergio B. -- Sergio Bossa (http://sbtourist.blogspot.com/) - Pro-Netics s.r.l. (http://www.pro-netics.com) - Montag, Web Services System for XML Database Interaction (http://montag.sourceforge.net) - QuickNote (http://quicknote.sourceforge.net) ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
