team,
just before the holidays, Dave and I discovered a rather unfortunate bug
created by the way the current comment authenticators work coupled with
how our page caching works. basically, because the comment
authenticators actually embed their html in the page at rendering time
the comment authentication cannot work on a cached page because the page
will display an old and false cached version of the authenticator html.
the problem has technically existed for quite a long time, however it
wasn't noticed because in the past we used to have the old /comments/*
urls and we also didn't have the option of a non-expiring cache. now
that we allow any page to potentially be cached for a long time we need
a way to allow the comment authentication to remain dynamic.
my initial thoughts are to use a little AJAX that will call back to a
servlet and ask how to authenticate. i don't have a proposal yet, but i
figured i'd ask around first and see if anyone has any other ideas of
how to tackle this.
jira issue is open here ...
http://opensource2.atlassian.com/projects/roller/browse/ROL-935
-- Allen
