MoinMoin: MoinMoinChat/Logs/moin-dev/2006-02-23

2006-02-23T19:44:26  <ThomasWaldmann>          self.saved_cookie = ''
2006-02-23T19:44:26  <ThomasWaldmann>          self.user = user.User(self, auth_method="request:1245")
2006-02-23T19:44:56  <ThomasWaldmann> i am thinking about removing those 2 lines from request.deleteCookie to make auth system more usable
2006-02-23T19:45:24  <ThomasWaldmann> the first line isnt critical, maybe just superfluous
2006-02-23T19:45:52  <ThomasWaldmann> the second line resets the in-memory user object to unknown
2006-02-23T19:46:24  <xorAxAx> those lines are just relevant for the logout page processing
2006-02-23T19:46:34  <ThomasWaldmann> problem is if you have an auth method being executed after moin_cookie that needs the user name for doing its logout stuff
2006-02-23T19:46:49  <xorAxAx> if you dont invalidate the user, he will still see his name
2006-02-23T19:47:00  <ThomasWaldmann> yes, for 1 request
2006-02-23T19:47:06  <xorAxAx> thats confusing
2006-02-23T19:47:17  <ThomasWaldmann> but I could maybe set user.valid = False
2006-02-23T19:47:17  <xorAxAx> --> usability issue
2006-02-23T19:47:23  <xorAxAx> yeah, more sensible
2006-02-23T19:48:18  <ThomasWaldmann> (instead of creating a new user)
2006-02-23T19:48:37  <ThomasWaldmann> maybe that is enough to not show the name on the ui
2006-02-23T19:52:28  <ThomasWaldmann> ok, I try that later (has to do with current project and smbmount method - if you want to do an smb umount on logout)
2006-02-23T19:52:38  <ThomasWaldmann> gtg & bbl
2006-02-23T20:15:33  <xorAxAx> why do you mount smb?
2006-02-23T20:15:47  <xorAxAx> you dont need to mount in order to check credentials
2006-02-23T20:34:23  <ThomasWaldmann> i mount it because i need the files :)
2006-02-23T20:39:20  <ThomasWaldmann> strange
2006-02-23T20:39:58  <ThomasWaldmann> i removed both lines and you are logged out immediately after logout click
2006-02-23T20:40:59  <xorAxAx> but do you still see your name?
2006-02-23T20:41:08  <ThomasWaldmann> no
2006-02-23T20:41:23  <ThomasWaldmann> ok, it's clear
2006-02-23T20:41:46  <ThomasWaldmann> if there is logout form field, it doesnt create a user object
2006-02-23T20:44:21  <ThomasWaldmann> looks like we have to change that a bit more than i thought
2006-02-23T21:02:54  <ThomasWaldmann> xorAxAx: what do you think of giving old user_obj to next auth method?
2006-02-23T21:03:47  <xorAxAx> sounds good
2006-02-23T21:04:13  <ThomasWaldmann> so it can either return it "as it was" (if it doesnt care for it)
2006-02-23T21:04:37  <ThomasWaldmann> or it can change it from None to User  --  or even from User to None