(Illustration by Gaich Muramatsu)
Ivan Popov <pin_at_medic.chalmers.se> writes: > On Thu, Mar 10, 2005 at 05:53:41PM -0500, Jan Harkes wrote: >> Actually, there is this annoying bug where a user with expired tokens >> gets EACCESS on everything, even on those files that are accessible by >> System:Anyuser. > > I am a bit concerned about letting anyone with expired tokens > to access things as System:Anyuser. Could one treat the user as if the system were disconnected? The hangs I got were only when the token timed out while on-line -- if I had disconnected the laptop from the network, and the token timed out, nothing bad would happen -- I'd go on using stuff in the local cache, both reading and writing my files. On reconnecting, I would get a new token, and all my changes would get transmitted to the server. If an expired token could make the system behave like that toward the user in question, that would be very nice. It would probably mean keeping track of when objects were fetched from the server, and then pretending that objects fetched since the token timed out were not in the local cache. -tih -- Don't ascribe to stupidity what can be adequately explained by ignorance.Received on 2005-03-14 04:00:32