Nelson is correct in his analysis. The only thing I can think of that may be going on is for some reason your token is not always returning the handle correctly from the search.
The modification appears in the file 'pk11cert.c' between the version 1.82 and 1.83. The author of this modification is Bob Relyea.
Maybe Bob will add some comments here.
Token insertion/removal in NSS is detected by noticing the primordial session handle going invalid. If your token periodically invalidates the session handle (or loses track that a given session handle is valid), then it will look to NSS like your token is continually being inserted and removed. Combining both of these issues could show the problems you are running into. The previous version of NSS was masking the problem by using what should be a stale object ID.
I'd suggest tracing the actual C_ calls made to your token and examining the error codes that come back from these calls.
bob
Thanks in advance! Julien
--
Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
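An added example, not part of the thread and not NSS code: one way to examine a trace of C_ calls for the behaviour described above, a session handle that is reported invalid and then accepted again without being reopened. The trace format, `SAMPLE_TRACE`, and the function names are assumptions made for this sketch; the return-code values are the standard PKCS #11 ones.

```python
import re
from collections import Counter

# PKCS #11 return codes (values from the PKCS #11 specification).
CKR = {
    0x00000000: "CKR_OK",
    0x00000032: "CKR_DEVICE_REMOVED",
    0x00000082: "CKR_OBJECT_HANDLE_INVALID",
    0x000000B3: "CKR_SESSION_HANDLE_INVALID",
}
LINE = re.compile(r"^(C_\w+)\s+hSession=(0x[0-9A-Fa-f]+)\s+rv=(0x[0-9A-Fa-f]+)$")

# Constructed trace in a simplified, hypothetical format: call, session, result.
SAMPLE_TRACE = """\
C_OpenSession hSession=0x1 rv=0x00000000
C_GetSessionInfo hSession=0x1 rv=0x00000000
C_FindObjectsInit hSession=0x1 rv=0x00000000
C_GetSessionInfo hSession=0x1 rv=0x000000B3
C_GetSessionInfo hSession=0x1 rv=0x00000000
C_GetAttributeValue hSession=0x1 rv=0x00000082
C_GetSessionInfo hSession=0x1 rv=0x000000B3
C_OpenSession hSession=0x2 rv=0x00000000
C_GetSessionInfo hSession=0x2 rv=0x00000000
"""

def parse_trace(text):
    """Return (call, session_handle, return_code_name) for each well-formed line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rv = int(m.group(3), 16)
            events.append((m.group(1), int(m.group(2), 16), CKR.get(rv, hex(rv))))
    return events

def analyze(events):
    """Count non-OK results and find handles that go invalid, then valid again."""
    errors, invalid, flapping = Counter(), set(), set()
    for call, session, rv in events:
        if rv != "CKR_OK":
            errors[rv] += 1
        if call == "C_OpenSession" and rv == "CKR_OK":
            invalid.discard(session)      # a fresh session legitimately resets state
        elif rv == "CKR_SESSION_HANDLE_INVALID":
            invalid.add(session)          # to the caller this looks like a removal
        elif rv == "CKR_OK" and session in invalid:
            flapping.add(session)         # token accepted a handle it had rejected
    return errors, flapping
```

A handle in the second return value was never reopened between the failure and the later success, which points at the token rather than at a real removal.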
