I think it must be browser-side; although the server was restarted it must have picked up the old session (auth attributes are cached there per-session so a user is not authenticated on every request). I must have failed to clear the relevant bit of my browser cache I think...
Steve > -----Original Message----- > From: Stephen Bayliss [mailto:stephen.bayl...@acuityunlimited.net] > Sent: 09 November 2011 14:53 > To: 'Support and info exchange list for Fedora users.' > Subject: Re: [fcrepo-user] fedora-users.xml being > persistently cached whenserver restarted > > > Thanks Chris > > I'll try and reproduce this again and make sure I wasn't > doing something daft, from a fresh install. (Whatever state > I did get into I couldn't log in with the new password until > I had cleared that file.) > > Steve > > > -----Original Message----- > > From: Chris Wilper [mailto:cwil...@duraspace.org] > > Sent: 09 November 2011 13:19 > > To: Support and info exchange list for Fedora users. > > Subject: Re: [fcrepo-user] fedora-users.xml being > > persistently cached when server restarted > > > > > > Hi Steve, > > > > I tried reproducing your scenario and noticed that upon > > restart, the SESSIONS.ser file was there, and reloading an > > authenticated page from my browser worked without entering a > > new password as long as that SESSIONS.ser file existed. But > > if I opened a new fresh browser with cache cleared, it would > > correctly prompt me again for the password, and only accepted > > the new one. This was without me touching the SESSIONS.ser file. > > > > So it appears that if my browser already has a session > > established under which it has authenticated once, the old > > password still works through that session. > > > > - Chris > > > > On Wed, Nov 9, 2011 at 4:30 AM, Stephen Bayliss > > <stephen.bayl...@acuityunlimited.net> wrote: > > > I'm using Fedora with the embedded Tomcat, FeSL AuthN and AuthZ. > > > > > > I modified my fedora-users.xml (changed admin password), > > but after a > > > server restart it won't accept the new password and is > > still accepting > > > the old one. > > > > > > I removed > > $CATALINA_HOME/work/Catalina/localhost/fedora/SESSIONS.ser > > > and now it's fine - it looks like the fedora-users.xml was being > > > cached there. > > > > > > Can anyone reproduce? Not sure if it is something weird with my > > > installation or if we have a problem here. > > > > > > Steve > > > > > > ---------------------------------------------------------------------- > > > -------- > > > RSA(R) Conference 2012 > > > Save $700 by Nov 18 > > > Register now > > > http://p.sf.net/sfu/rsa-sfdev2dev1 > > > _______________________________________________ > > > Fedora-commons-users mailing list > > > Fedora-commons-users@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > > > > > > > > > -------------------------------------------------------------- > > ---------------- > > RSA(R) Conference 2012 > > Save $700 by Nov 18 > > Register now > > http://p.sf.net/sfu/rsa-sfdev2dev1 > > _______________________________________________ > > Fedora-commons-users mailing list > > Fedora-commons-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > > > > -------------------------------------------------------------- > ---------------- > RSA(R) Conference 2012 > Save $700 by Nov 18 > Register now > http://p.sf.net/sfu/rsa-sfdev2dev1 > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
