This is my big pet peeve with SF 1.0 security. Assuming that the programmer wants the session to time out before the browser window closes. I personally don't feel the need for the time out in most of my applications. I hear that sf 1.1 is fixing that. It's too bad that we won't be upgrading to that anytime soon. :-\
James On Jun 10, 2008, at 12:38 PM, Richtermeister wrote: > > When the session is expired, the user should not be able to access > areas where he / she could do any damange with the remaining session > data. You can enforce that by sending them back to a login screen and > in that action removing the stale data.. > > Hope this helps, > Daniel > > On Jun 10, 1:48 am, CaffeineInc <[EMAIL PROTECTED]> wrote: >> try to include a descriptive subject too. >> >> On Jun 10, 7:49 am, "Birchandra Sanasam" <[EMAIL PROTECTED]> >> wrote: >> >>> Dear All, >> >>> I have a problem that is when the session expired (meaning no >>> logout action >>> was triggered) >>> the user is no longer authenticated but the attributes are still >>> available. >> >>> In this case how can I 'auto-clear' them? How can I run logout >>> action? >> >>> -- >>> Birchandra Sanasam >>> Web Developer & Analyst >>> # +91 9810 191478 > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
