On Sat, 03 Sep 2011 12:00:27 -0700, cd34 wrote: > Can you run LiveHeaders in firefox and see if it is actually resetting > the cookie when you log out the first time?
With timeout and max_age set to 12000 and reissue_time set to 120, I logged in, waited more than two minutes (i.e., longer than reissue_time), and then logged out. What I saw was the old cookie being removed and a new one being issued, all in the same response. So it looks like the re-issue mechanism is interfering with the logout/ forget mechanism. I can log out over and over and over again and keep getting re-issued cookies. When I don't include a reissue_time in my AuthTktAuthenticationPolicy, I get the correct behavior (i.e., log in, wait, log out, and no new cookie). If I'm missing something about the reissue_time parameter, then by all means, whack me with a clue-stick and fill me in. Or if this is a bug, then I'll be glad to file a bug report (not glad because there is a bug, of course, but glad that I can in some way contribute). Thanks, Dan -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.