Forum OpenACS Development: Re: Support no_login on xo::cc::permission
If i remember correctly, the reason for doing this was to circumvent cases, where an auth::require_login caused problems, if executed under a catch. By forcing the refresh early, this does not happen.
i'll turn off force_refresh on one of my installations to give a more detailed analysis. Maybe, we can add a package parameter to force logins or not. The current behavior has it advantages as well: it provides a consistent user-interface, no matter whether the login expired or not. if the login is not forced, some controls (wiki menu, edit buttons etc.) will suddenly disappear, when the login expires, and the user has to login manually again.