> I guess it'd be pretty hard to replace the use of the token > only for Basic authentication actually. > > I was trying to think if there were any issues w/regards to > clusters (with replicated sessions). In the case of getting > rid of the token in the session, on a failover and switch to > another machine, there wouldn't be an entry in the cache, so > the db would be hit again, but that's about it I guess...
By getting rid of the DaoAuthenticationToken and relying solely on the pluggable cache provider, we would be eliminating Acegi Security's only "dependency" on the HttpSession. Surely this would be a good thing, as it gives users more flexibility with how they architect their cluster systems. Also, open source software like SwarmCache provides cluster-aware caching. So if people wanted to ensure cluster-wide removal of an entity from the cache, writing a UserCache implementation that delegates to something like SwarmCache would permit that. Best regards Ben ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
