On 12/17/05, Anil Gangolli <[EMAIL PROTECTED]> wrote: > > Authentication during a post/save draft operation after the session has > timed out no longer works in the trunk. One gets the login page, but > after re-authenticating, one gets a Permission Denied error page. I > verified on my site this didn't happen in 2.0. > > Matt (Raible), perhaps you could make/suggest a quick adjustment to the > Acegi config to correct this? Otherwise I'll file a bug and start > looking at what's going on.
I believe this is a bug in Acegi. There's a fix provided in the following post, but it'd be nice to fix it in Acegi. http://jroller.com/page/agrebnev?entry=how_do_not_lose_data Of course, if we implement an "auto-save" like GMail has, this probably won't be such a big issue. But if we can't fix it, we should probably revert back to CMA as I see this as a huge limitation. For the record, I've been using Acegi Security on my site for the past month and haven't had any issues - or lost any posts. Matt > > One can reproduce this by dropping cookies in Firefox after logging in > and getting to the edit entry page and before submitting, or by changing > the session timeout parameter in the web.xml to a ridiculously small > value and just waiting a bit; it's in minutes; I used 2 in my test. > > --a. > >
