I fully agree. Acegi should be able to maintain posted data through a login. The other reason to fix this in Acegi and not use the keepalive.jsp is that this situation is technically a problem on any form anywhere in the UI and we can't have the keepalive.jsp included in all of our forms.
-- Allen On Tue, 2006-02-21 at 06:05, David M Johnson wrote: > I'd much rather fix the Acegi POST-through-auth problem than re- > introduce keep-alive. If we do it, we should make it optional so > security conscious installations can turn it off. > > - Dave > > > > On Feb 21, 2006, at 8:32 AM, Lance Lavandowska wrote: > > > Dave and I had a bit of a commit war, where he commented it out, I > > uncommented it, .... > > > > Eventually he won. I'm not certain, but I think his concerns were > > server load and/or that the iframe I was using was unattractive > > (though I did my best to make it look nice). > > > > My 2 bits, obviously, suggest putting it back in. > > > > Lance > > > > On 2/20/06, Allen Gilliland <[EMAIL PROTECTED]> wrote: > >> but is it still used? the only place I see it referenced is in > >> WeblogEdit.jsp and it's commented out. i just checked and it's been > >> commented out since before Roller 1.2 so it hasn't been used for > >> quite a > >> while. > >> > >> -- Allen > >> > >> > >> On Mon, 2006-02-20 at 13:10, Matt Raible wrote: > >>> Lance added this to keep the session alive while editing a blog. I > >>> think it's important especially since Acegi doesn't hold request > >>> parameters though a login. > >>> > >>> Matt > >>> > >>> On 2/20/06, Allen Gilliland <[EMAIL PROTECTED]> wrote: > >>>> this looks like an old and unused session debugging tool, do we > >>>> need to > >>>> keep it? > >>>> > >>>> -- Allen > >>>> > >>>> > >>>> > >> > >> >
