[geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)
websitemaster at cogeco.net
Thu Apr 28 10:21:08 EDT 2011
>> Didn't try OpenID yet, but this is looking good
Have you tried OpenID?
Also for updating the user table with passwords do you think it will be okay
if I update any record that doesn't have a password and a NULL in the
remoteservice column? I didn't have time to double check the 3rd Party login
stuff but if they are missing a password then the bug will affect them as
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: April-26-11 2:33 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] OAuth and sessions (was: Geeklog 1.8.0)
> You need to use 2 users to reproduce the problem. Your OAuth user and
> then another user which I just use after a few minutes( and when the
> OAuth user has logged in) so that the session table gets flushed when
> I access something on the site.
- log in with OAuth
- wait 2+ minutes
- in a second browser, as an anonymous user, load the site
- in the first browser, refresh and notice that you're logged out
With the patch now, the OAuth user does disappear from the Who's Online
block, but after any action on the site (refresh, clicking a link), they're
logged in again. In other words, OAuth users now work like normal users.
Didn't try OpenID yet, but this is looking good. Thanks, Tom.
P.S. The patch is not up on geeklog.net yet, I was testing locally.
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
More information about the geeklog-devel