RE: TorqueUser synchronization problem

[Sheldon Ross]

You'll have issues updating other user's records using 
TurbineSecurity.saveUser(user) or any other method for that matter. This is 
because if the other user happens to be logged in when you update his user, it 
will be overwritten when that user logs out. 

When someone logs out, the session invalidation automatically saves the user in 
order to update last logged in time. This will overwrite changes made via a 
different user.

In order to get around this, we actually update TurbineSecurity (Turbine 2.3) 
and made the save on session unbind look like this.

 public static void saveOnSessionUnbind(User user)
            throws UnknownEntityException, DataBackendException
    {
        //Get a fresh copy in case user was updated during session
        User fresh = getUser(user.getName());
        fresh.setHasLoggedIn(user.hasLoggedIn());
        fresh.setLastLogin(user.getLastLogin());
        if(fresh != null) getService().saveOnSessionUnbind(fresh);
    }

Makes sure a fresh copy of user data is pulled in before saving, so it doesn't 
overwrite a password/email update on logout.


> From: wef...@gmail.com
> Date: Thu, 12 Jan 2012 03:42:43 +0800
> Subject: Re: TorqueUser synchronization problem
> To: user@turbine.apache.org
> 
> Hello,
> 
> I think the problem could not be solved yet because userB's TorqueUser
> instance is session record, which is cached and should not
> synchronized automatically even if userA modifys his record in
> database.
> 
> Am I right?
> 
> Regards
> 
> Weffen
> 
> 在 2012-1-12，3:37，Thomas Vandahl <t...@apache.org> 写道：
> 
> > On 11.01.12 20:04, Weffen Cheung wrote:
> >> Sometimes I update a user record not only after the user login. For 
> >> example, I want to update userB's record when userA login. For this case, 
> >> we cannot use data.getUser().save(), is it right?
> >
> > Well, there is TurbineSecurity.getUser(userName) which gives you any
> > user from your backend. The clean solution would be to use
> > TurbineSecurity.saveUser(user) then to make your modifications persistent.
> >
> > The only remaining question would be what userB is going to say if userA
> > modifies his email address, IOW a permission issue.
> >
> > Bye, Thomas.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscr...@turbine.apache.org
> > For additional commands, e-mail: user-h...@turbine.apache.org
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@turbine.apache.org
> For additional commands, e-mail: user-h...@turbine.apache.org
>