Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-21 Thread Michael Brohl
Hi Taher, all, we already had several discussions about this pattern and the bad effects we have to suffer from it. As an example, see [1], [2], there are others. Appealing and discussing does not seem to work for a few people so I am more and more in favor of a general review-then-commit

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-21 Thread Taher Alkhateeb
So here is what happened from my view:
- you committed something which impacts design without taking it to the community
- we objected to the design and suggested to revert and cooperate on a new design
- instead you went ahead and immediately committed a new design without asking anyone for review

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-19 Thread Jacques Le Roux
I proposed a 1st patch, we discussed it, it was not OK, I agreed, I implemented the way Taher proposed, we use the RTC, please now review Thanks Jacques On 19/02/2018 at 20:57, Michael Brohl wrote: +1 We are discussing this over and over again. I wonder what's so difficult to stick to so

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-19 Thread Michael Brohl
+1 We are discussing this over and over again. I wonder what's so difficult to stick to some basic rules of collaboration. On 19.02.18 at 20:48, Taher Alkhateeb wrote: Thank you for the work Jacques. I was hoping as stated earlier that you share the work before committing it since it is an

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-19 Thread Taher Alkhateeb
Thank you for the work Jacques. I was hoping as stated earlier that you share the work before committing it since it is an architectural decision that requires community consensus. On Feb 19, 2018 10:29 PM, "Jacques Le Roux" wrote: Done Jacques On 18/02/2018 at 20:33, Jacques Le Roux wrote:

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-19 Thread Jacques Le Roux
Done Jacques On 18/02/2018 at 20:33, Jacques Le Roux wrote: Taher, I agree using a property is hackish. I'll try to implement what you suggest using a keep-autologin-cookie webapp attribute which will be false by default and true for the applications mentioned below. I'll check it make s

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-18 Thread Jacques Le Roux
Taher, I agree using a property is hackish. I'll try to implement what you suggest using a keep-autologin-cookie webapp attribute which will be false by default and true for the applications mentioned below. I'll check it makes sense for webpos before using true there. Thanks Jacques Le 18

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-18 Thread Taher Alkhateeb
Hi Jacques, I don't think your proposed solution works either. It seems you might be missing the underlying problem. There are patterns that I see over and over and I wish we can eliminate them, I will explain the general patterns and then a suggestion for reasonable solution: 1- Wrong dependency

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-18 Thread Jacques Le Roux
Thanks for the review Taher, Sorry I completely forgot this thread. When I wrote the autoLogoutFromAllBackendSessions() method I left a TODO there // remove all the autoLoginCookies but if in ecommerce/ecomseo and webpos (it's done manually there, not sure for webpos TODO: check) and I remembe

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-12 Thread Taher Alkhateeb
I just checked this code and it looks really worrying to me. You have hard wired the ecommerce component with logic into the heart of the framework, I think we need to review the entire body of work and maybe revert it. On Sat, Feb 10, 2018 at 2:38 PM, Jacques Le Roux wrote: > Le 10/02/2018 à 12:

Re: [OFBIZ-4959] Logout do not remove autoLogin

2018-02-10 Thread Jacques Le Roux
On 10/02/2018 at 12:33, Jacques Le Roux wrote: Hi, Almost 6 years ago OFBIZ-4959 "Logout do not remove autoLogin" was created and I closed it as incomplete. Recently while working on OFBIZ-10206 "Security issue in Token Based Authentication" which followed my work in OFBIZ-9833 "Token Based Au