A workaround for this symptom was added to repoze.who 1.0.14 (contributed by
Gustavo Narea) which allows the auth_tkt configuration to specify a
userid_checker. If you pass a callable in to the auth_tkt identifier
plugin's
constructor, that callable will be called with the userid; if it returns True,
it means that the user still exists. If it returns false, it means the user no
longer exists (and credentials will not be accepted). I'm not sure how you'd
integrate this into Turbogears/repoze.what, but the feature now exists.
- C
On 6/26/09 6:48 PM, alexbodn.gro...@gmail.com wrote:
hello friends,
it goes like this:
i'm logging in to a turbogears app.
then i stop the app, create a new app and start the new one, that
doesn't have the previously logged in user yet in it's db.
when opening a page from the new app, it shows like i'm still logged in
(i didn't close the browser, hence the session is somehow reused)
i'd rather check for the mere existence of the remembered user on each
controller access, wouldn't you?
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev