Forum OpenACS Development: Re: Request Processor's rp_filter and AJAX
The culprit is
sec_get_user_auth_token used in (
sec_login_handler which is used in
sec_handler. Security can be such a nuisance!
Is it possible to have client track the value of:
sec_get_user_auth_token user_id ?
If auth_token changes, a new login is expected. Maybe the client could interrupt the session for re-login. Or if client already has info, handle re-login via
I've managed to avoid js managed sessions, but have some sense of this via ecommerce which has its own sessions, so this strategy may not work for you.