I was hoping there was a quick fix. I'd rather not abandon Acegi for
this. I'll file a bug and we can try to figure out how to approach
this. --a.
Matt Raible wrote:
On 12/17/05, Anil Gangolli <[EMAIL PROTECTED]> wrote:
Authentication during a post/save draft operation after the session has
timed out no longer works in the trunk. One gets the login page, but
after re-authenticating, one gets a Permission Denied error page. I
verified on my site this didn't happen in 2.0.
Matt (Raible), perhaps you could make/suggest a quick adjustment to the
Acegi config to correct this? Otherwise I'll file a bug and start
looking at what's going on.
I believe this is a bug in Acegi. There's a fix provided in the
following post, but it'd be nice to fix it in Acegi.
http://jroller.com/page/agrebnev?entry=how_do_not_lose_data
Of course, if we implement an "auto-save" like GMail has, this
probably won't be such a big issue. But if we can't fix it, we should
probably revert back to CMA as I see this as a huge limitation.
For the record, I've been using Acegi Security on my site for the past
month and haven't had any issues - or lost any posts.
Matt
One can reproduce this by dropping cookies in Firefox after logging in
and getting to the edit entry page and before submitting, or by changing
the session timeout parameter in the web.xml to a ridiculously small
value and just waiting a bit; it's in minutes; I used 2 in my test.
--a.
