Hi,

I battled a problem lately where Acegi didn't properly set a new 
session cookie when the session had timed out and a new one was 
created. It turned out to be a problem in 
org.acegisecurity.context.HttpSessionContextIntegrationFilter, where an 
empty catch block swallowed an IllegalStateException. Like this:

try { 
   httpSession = ((HttpServletRequest) request).getSession(true); 
} 
catch (IllegalStateException ignored) { 
} 

I documented it all here, with more detailed information:
http://www.techper.net/2008/07/19/acegi-security-not-setting-a-new-session-cookie/

The reason for posting here on this list was a commenter on my blog 
suggesting that I tell you about it. Is this something that should be 
considered for fixing? Like, with a WARN log in the catch block maybe?

Kind regards, Per
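
Added example, not part of the original mail and not Acegi's own code: the swallowed exception beside a variant that logs at WARN, as the mail suggests. StubRequest and the session id are hypothetical stand-ins for the servlet API, and the example assumes the IllegalStateException comes from asking for a new session after the response has been committed, which is the case the Servlet API documents for getSession(true).

```java
import java.util.logging.Level;
import java.util.logging.Logger;

public class SwallowedSessionException {
    private static final Logger LOG = Logger.getLogger("session-demo");

    /** Hypothetical stand-in for HttpServletRequest; not the servlet API. */
    static class StubRequest {
        private final boolean responseCommitted;
        StubRequest(boolean responseCommitted) { this.responseCommitted = responseCommitted; }

        /** Mimics getSession(true): no session cookie can be added to a committed response. */
        String getSession(boolean create) {
            if (create && responseCommitted) {
                throw new IllegalStateException("Cannot create a session after the response has been committed");
            }
            return "constructed-session-id"; // constructed sample value
        }
    }

    /** Pattern quoted in the mail: on failure the session stays null and nothing is recorded. */
    static String silent(StubRequest request) {
        String httpSession = null;
        try {
            httpSession = request.getSession(true);
        } catch (IllegalStateException ignored) {
        }
        return httpSession;
    }

    /** Same control flow, but the failure is logged at WARN with its stack trace. */
    static String logged(StubRequest request) {
        String httpSession = null;
        try {
            httpSession = request.getSession(true);
        } catch (IllegalStateException e) {
            LOG.log(Level.WARNING, "Could not create a new session; no session cookie will be set", e);
        }
        return httpSession;
    }

    public static void main(String[] args) {
        StubRequest committed = new StubRequest(true);
        System.out.println("silent: " + silent(committed));   // null, with no trace of why
        System.out.println("logged: " + logged(committed));   // null, plus a WARN record
        System.out.println("normal: " + logged(new StubRequest(false)));
    }
}
```

Both variants return null for the committed response; only the second leaves a record that explains the missing session cookie.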


