In my element implementation the MemorySessionValidator (here:
http://rifers.org/paste/show/1294#051 ) is not really used,
I think I can scrap it from the code.
What is it supposed to do?
It is supposed to be able to validate an active authentication
session in one back-end (database) query, without having to query the
session manager and credentials manager independently. More
information here:
http://rifers.org/docs/api/com/uwyn/rife/authentication/
SessionValidator.html
You're right, in your code it doesn't seem to be used.
However, you're not validating the session either, you're simply
continuing. This means that if the time-out period is expired, or the
user's permissions have been revoked, they still continue to have
access as long as they have an authentication session cookie. With
the validator this is not the case, since it does these checks each
and every time.
Best regards,
Geert
--
Geert Bevin
Uwyn "Use what you need" - http://uwyn.com
RIFE Java application framework - http://rifers.org
Music and words - http://gbevin.com
_______________________________________________
Rife-users mailing list
[email protected]
http://lists.uwyn.com/mailman/listinfo/rife-users
