Hi, I battled a problem lately, where acegi didn't properly set a new Session-Cookie, when the session had timed out, and a new one was created. It turned out to be a problem in org.acegisecurity.context.HttpSessionContextIntegrationFilter, where an empty catch block swallowed an IllegalStateException. Like this:
try { httpSession = ((HttpServletRequest) request).getSession(true); } catch (IllegalStateException ignored) { } I documented it all here http://www.techper.net/2008/07/19/acegi-security-not-setting-a-new-session-cookie/ with more detailed information. The reason for posting here on this list, was a commenter on my blog, suggesting to tell you about it. Is this something that should be considered to be fixed? Like, with a WARN log in the catch block maybe? Kind regards, Per ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer