[geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)

Tom websitemaster at cogeco.net
Thu Apr 28 10:21:08 EDT 2011

>> Didn't try OpenID yet, but this is looking good

Have you tried OpenID?

Also for updating the user table with passwords do you think it will be okay
if I update any record that doesn't have a password and a NULL in the
remoteservice column? I didn't have time to double check the 3rd Party login
stuff but if they are missing a password then the bug will affect them as


-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: April-26-11 2:33 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)

Tom wrote:

> You need to use 2 users to reproduce the problem. Your OAuth user and 
> then another user which I just use after a few minutes( and when the 
> OAuth user has logged in) so that the session table gets flushed when 
> I access something on the site.

To clarify:
- log in with OAuth
- wait 2+ minutes
- in a second browser, as an anonymous user, load the site
- in the first browser, refresh and notice that you're logged out

With the patch now, the OAuth user does disappear from the Who's Online
block, but after any action on the site (refresh, clicking a link), they're
logged in again. In other words, OAuth users now work like normal users.

Didn't try OpenID yet, but this is looking good. Thanks, Tom.

bye, Dirk

P.S. The patch is not up on geeklog.net yet, I was testing locally.

geeklog-devel mailing list
geeklog-devel at lists.geeklog.net

More information about the geeklog-devel mailing list