Cool. Sounds even better. Prolly need to separate (in ExpirationMonitor)
if (session.isDone() || age > maxLoginDurationMillis) {
list.add(session); // to unregister
session.setDone(true);
it.remove();
}
into
if (session.isDone()) {
list.add(session); // to unregister
session.setDone(true);
it.remove();
} else if (age > maxLoginDurationMillis) {
// replace with anon session
// (haven't dug in to find how to create it)
}
- Scott
> -----Original Message-----
> From: David Jencks [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 10, 2007 8:56 PM
> To: [email protected]
> Subject: Re: Asking again: No registered context in security
> getCurrentContext() after apps run for two days.
>
> I wonder if it would be appropriate to replace the expired
> context with something representing the "no one" identity?
> then the ACE might occur naturally when "no one" can't do
> something but stuff that
> is actually allowed for an unauthenticated user would still work...
> so I think this would modify the timeout method rather than
> the code you are looking at.
>
> haven't looked into it in detail yet.
>
> thanks
> david jencks
