Ivan Popov <pin_at_medic.chalmers.se> writes:

> On Thu, Mar 10, 2005 at 05:53:41PM -0500, Jan Harkes wrote:
>> Actually, there is this annoying bug where a user with expired tokens
>> gets EACCESS on everything, even on those files that are accessible by
>> System:Anyuser.
>
> I am a bit concerned about letting anyone with expired tokens
> to access things as System:Anyuser.

Could one treat the user as if the system were disconnected?  The
hangs I got were only when the token timed out while on-line -- if I
had disconnected the laptop from the network, and the token timed out,
nothing bad would happen -- I'd go on using stuff in the local cache,
both reading and writing my files.  On reconnecting, I would get a new
token, and all my changes would get transmitted to the server.

If an expired token could make the system behave like that toward the
user in question, that would be very nice.  It would probably mean
keeping track of when objects were fetched from the server, and then
pretending that objects fetched since the token timed out were not in
the local cache.

-tih
-- 
Don't ascribe to stupidity what can be adequately explained by ignorance.