I concur that this is a problem, and this worry is one of the things
that keeps me from depending on coda more than I do.
I think the issue can be solved by saying that expired tokens continue
to work locally indefinitely (but that they can still be cleared with
cunlog). This means that even after a brief reconnection they should
work.
Further, this needs to be stored in RVM so that a fresh start of venus
while disconnected (e.g. after a reboot) still works. Yes, I usually
suspend and don't have to do this, but sometimes one wants to or has
to reboot.
To argue that this is reasonable: on a local filesystem, one can
access one's files indefinitely. Over a network, whkle the user's
access at a high-level is valid until revoked, tokens are short-lived
for the same sorts of reasons that kerberos tickets are short-lived
(don't store long-term user keys).
On my laptop, I could certainly go look at files in the cache, so
declining to let me look at them with venus is sort of silly. The
only argument I can think of against the expired-tokens-work-locally
scheme is user separation on a multi-user possibly-disconnected
client. But on such machines, one should cunlog at logout to remove
rights, and perhaps flush all of one's data from the cache, depending
on paranoia level.
--
Greg Troxel <[EMAIL PROTECTED]>
