A workaround for this symptom was added to repoze.who 1.0.14 (contributed by Gustavo Narea) which allows the auth_tkt configuration to specify a "userid_checker". If you pass a callable in to the auth_tkt identifier plugin's constructor, that callable will be called with the userid; if it returns True, it means that the user still exists. If it returns false, it means the user no longer exists (and credentials will not be accepted). I'm not sure how you'd integrate this into Turbogears/repoze.what, but the feature now exists.
- C On 6/26/09 6:48 PM, alexbodn.gro...@gmail.com wrote: > > hello friends, > > it goes like this: > > i'm logging in to a turbogears app. > > then i stop the app, create a new app and start the new one, that > doesn't have the previously logged in user yet in it's db. > > when opening a page from the new app, it shows like i'm still logged in > (i didn't close the browser, hence the session is somehow reused) > i'd rather check for the mere existence of the remembered user on each > controller access, wouldn't you? > > > ------------------------------------------------------------------------ > > _______________________________________________ > Repoze-dev mailing list > Repoze-dev@lists.repoze.org > http://lists.repoze.org/listinfo/repoze-dev _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
