Forum OpenACS Development: Re: Expiring logins requirements/design yet again ...

Collapse
2: Re: Expiring logins requirements/design yet again ... (response to 1)
Posted by Hazi Gharagozlou on 03/08/04 02:31 PM
Lars,

Does your fix solve the following problem, if yes where is it?

I recently set LoginTimeout = 0 on an updgraded site (from 4.6.3 to 5.0.3). Once I log out manually, I am not able to login again (Password expiration message). I deleted cookies and tried other browsers to no avail. Finally I was able to login by updtating the apm_parameter_values.

Collapse
3: Re: Expiring logins requirements/design yet again ... (response to 2)
Posted by Lars Pind on 03/08/04 08:31 PM
Hazi,

There are two issues:

1) the login page has expired (to prevent people from reusing your login page after you've logged out and left the site)

2) you're successfully logged in, but the login expires very quickly.

To my knowledge, I've actually fixed both of these.

/Lars

Collapse
4: Re: Expiring logins requirements/design yet again ... (response to 3)
Posted by Joel Aufrecht on 03/08/04 09:29 PM
The fix should be in 5.0.4, due out any day now.
Collapse
5: Re: Expiring logins requirements/design yet again ... (response to 3)
Posted by Hazi Gharagozlou on 03/10/04 07:18 PM
Lars,

I just checkout the 5.0.4-final version from cvs, and I am afraid to report that the login problem still there. Just to reiterate, I changed in the permissions of acs-kernel  LoginExpirationTime from 1200 to 0 and I get "The login page has expired. Please log in again." The only remedy is to change the record in apm_paramter_values.

Collapse
6: Re: Expiring logins requirements/design yet again ... (response to 5)
Posted by Joel Aufrecht on 03/10/04 09:22 PM
Let's escalate this to a bug, instead of a forum discussion, so we have better tracking and can incorporate it into release managed.  Hari, could you file it, with a verbose repro case?  Lars, could you verify that your new code is indeed in 5.0.4?
Collapse
7: Re: Expiring logins requirements/design yet again ... (response to 6)
Posted by Lars Pind on 03/13/04 06:02 PM
Ok. Change was on HEAD (5.1).

http://cvs.openacs.org/cvs/openacs-4/packages/acs-subsite/lib/login.tcl?r1=1.20&r2=1.21 

if { $expiration_time < 30 } {
  	         # If expiration_time is less than 30 seconds, it's practically impossible to login
  	         # and you will have completely hosed login on your entire site
  	         set expiration_time 30
  	     }
This bug has been there since the beginning of times.

/Lars