I'm experiencing a potential problem with formauth in the latest trunk of sling (r979875) that I wanted to check to see if this is now the intended behavior with all the recent auth changes, or is a newly introduced bug.
Here is my scenario: - Start up the standalone sling. - Install the form auth bundle. - Goto: http://localhost:8080/index.html - page should render - Goto: http://localhost:8080/system/sling/form/login - login - Goto: http://localhost:8080/index.html - page should still render - Wait for session cookie to timeout (I lowered the timeout to 1 min for my testing) - Refresh: http://localhost:8080/index.html - page will redirect to login form Once the cookie times out I can no longer get to any resource (regardless of ACL's on the resource) without either logging back in or deleting the cookie from my browser. This effectively locks me out of the repo and prevents the user from returning to an anonymous user state. Is this the intended behavior?
