On Mon, Oct 11, 2010 at 19:02, Thilo-Alexander Ginkel <th...@ginkel.com> wrote:
> ACK. I have set up a test installation based on production data and
> will play around with it a little over the next days to pinpoint what
> exactly went wrong.

After some further investigation it seems that mod_python seems to
recycle request objects, which causes
X509AuthMiddleware.process_request to be invoked with a request, which
has a non-anonymous user. This isn't a big deal as long as all
requests come in with a X509_USERNAME_FIELD in the environment.
However, requests that do not use X.509 authentication will most
likely just inherit the user that is already attached to the request.

I'd appreciate some feedback if that makes any sense and if this
pre-population of the request with an old user identity is intentional
or a defect in some other component.


Want to help the Review Board project? Donate today at 
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to