On 12.01.12 16:11, Sheldon Ross wrote:
> In order to get around this, we actually update TurbineSecurity (Turbine 2.3)
> and made the save on session unbind look like this.
IMO it's probably easier to modify the
SecurityService.saveOnSessionUnbind() method as this is meant to be
pluggable in Turbine.
> public static void saveOnSessionUnbind(User user)
> throws UnknownEntityException, DataBackendException
> {
> //Get a fresh copy in case user was updated during session
> User fresh = getUser(user.getName());
> fresh.setHasLoggedIn(user.hasLoggedIn());
> fresh.setLastLogin(user.getLastLogin());
> if(fresh != null) getService().saveOnSessionUnbind(fresh);
> }
>
> Makes sure a fresh copy of user data is pulled in before saving, so it
> doesn't overwrite a password/email update on logout.
... but throws away all modifications the user may have done himself.
Especially those in PermStorage which we for example use for preferences
storage. Do you want this?
A clean solution to handle this correctly needs to cover all conflict
situations and probably has to use some sort of locking within the
database. Although all of this is absolutely possible, it's a lot of
effort for a (IMO) rare use case.
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
