Forum OpenACS Development: Re: Remember Me Feature Broken!

Collapse
Posted by Victor Guerra on
Yes.. at the moment ( even with my patch applied ) users are being logged out when retrieval of the session cookie fails ( for either of the reasons: session cookie does not exist, validation of signature of session cookie fails or session cookie expiration).

So I think that adding this parameter for controlling weather or not to force the logout makes sense. Then, using a combination of the parameters AllowPersistentLoginP and this new parameter ( AllowUntrustedPublicAccess perhaps ) would be enough to cover all possible scenarios.

We could then proceed this way.