[geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)

Dirk Haun dirk at haun-online.de
Tue Apr 26 14:32:33 EDT 2011


Tom wrote:

> You need to use 2 users to reproduce the problem. Your OAuth user and then
> another user which I just use after a few minutes( and when the OAuth user
> has logged in) so that the session table gets flushed when I access
> something on the site.

To clarify:
- log in with OAuth
- wait 2+ minutes
- in a second browser, as an anonymous user, load the site
- in the first browser, refresh and notice that you're logged out

With the patch now, the OAuth user does disappear from the Who's Online block, but after any action on the site (refresh, clicking a link), they're logged in again. In other words, OAuth users now work like normal users.

Didn't try OpenID yet, but this is looking good. Thanks, Tom.

bye, Dirk

P.S. The patch is not up on geeklog.net yet, I was testing locally.




More information about the geeklog-devel mailing list