On Mon, Oct 11, 2010 at 19:02, Thilo-Alexander Ginkel <th...@ginkel.com> wrote: > ACK. I have set up a test installation based on production data and > will play around with it a little over the next days to pinpoint what > exactly went wrong.
After some further investigation it seems that mod_python seems to recycle request objects, which causes X509AuthMiddleware.process_request to be invoked with a request, which has a non-anonymous user. This isn't a big deal as long as all requests come in with a X509_USERNAME_FIELD in the environment. However, requests that do not use X.509 authentication will most likely just inherit the user that is already attached to the request. I'd appreciate some feedback if that makes any sense and if this pre-population of the request with an old user identity is intentional or a defect in some other component. Regards, Thilo -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en