At this level (i.e. at the Dao provider level), I'm not sure you can
differentiate between a "login" with an existing cache entry and the
authentication that takes part as part of each invocation.
How would you define a "logout" in the scenario defined above (assuming
it didn't involve removing credentials from the cache). The usage might
not be tied to an HTTP session, for example, it could be a remote client.
Mark St.Godard wrote:
Yes definitely, its not as simple as moving the publish event outside
of the cache check, as this would trigger it when we really dont want
to.
Ben et al, (as per your comments) is this the expected behavior of
the event model?
I would think we need to uniquely identify the 2nd logon and publish
accordingly.
Cheers,
Mark
--
Luke Taylor. Monkey Machine Ltd.
PGP Key ID: 0x57E9523C http://www.monkeymachine.ltd.uk
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
