Try this on a recent citadel HEAD:
Have two accounts with messages in the mailbox.
Open to browser windows with the same browser instance.
Login window 1 to webcit and bring up the mailbox view
Open the same view on window 2, and then logout on window 2
Login window 2 to the other webcit acc
because of the use of cookie based authentication you can't do that with one browser.
if you're able to reproduce this with two browsers (run a chrome and a firefox) and we have a problem.
Since the client knows the room its in, messages from "wrong" rooms will be displayed.
Push to the project "citadel.org ": The branch, master has been updated
via 2586658ccd87f0cd37312c2c85cd76d3c7d3ee54 (commit)
from d0526482accfcacb8b6f925afdf67d562925b5a0 (commit)
Those revisions listed above that are new to this repository have not appeared
on any other notifica
There was, however, a problem with sessions not being *fully* logged out.
I have just fixed that.
I doubt we will ever have the ability to log in two different users at the
same time from the same browser. On the other hand, I have been adding "go="
url components to a lot of the stuff I've
How difficult would it be to shift away from using cookies towards a more
REST-based architecture? Rely on authentication through the browser, or,
encode the authentication credentials in every URL--encrypted, of course.
That would be one solution that would allow multiple users logged in via
th
afaik REST doesn't say anything about authentication mechanisms at all;
it primarily says that a resource should be identified by a uniq URL; so the floor & roomname would have to be part of the URLs;
its doable in some parts, parsing the URL (and message IDs) is a little trickier, since you nee
Push to the project "citadel.org ": The branch, master has been updated
via d75b53ffd1f1e6cfbce340bae25710652617397c (commit)
from 2586658ccd87f0cd37312c2c85cd76d3c7d3ee54 (commit)
Those revisions listed above that are new to this repository have not appeared
on any other notifica
> Getting more REST-like would probably fit in nicely with the anonymous
>login feature. Any HTTP GET request received by webcit would require
>webcit to ask citserver if the requested resource required
>authentication, but then webcit wouldn't need to carry around much, if
>any, s