[OSM-talk] I big jump in new users and user activity.
Tom Hughes
tom at compton.nu
Tue Jun 3 21:40:49 BST 2008
Richard Fairhurst wrote:
> Frederik Ramm wrote:
>
>> Later I had a situation where
>> Potlatch continually complained that I wasn't logged in while the
>> screen still showed my user name in the top right corner - session
>> expiry perhaps?
>
> Were you using the same login on two machines? Potlatch uses the same
> token as the rest of the Rails site, rather than a JOSM-like separate
> auth - the SWF doesn't even know your username or password, it just
> has the token. So if you started a session on one machine, then one on
> another, the second instance would effectively log the first one out;
> and because the Rails site doesn't do a AJAXy periodic refresh for the
> user name at the top right (after all, why would it?), that wouldn't
> change.
Um... no. First up there is nothing to stop you being logged in on more
than one machine at once. I do it all the time.
Secondly a user can have more than one token at a time and any one of
them is sufficient to have full access to the api.
What actually happens with Potlatch is that the server checks the
session (which is tied to the client browser instance by a cookie) for a
token and if it doesn't find one it creates one and saves it in the
session. That token is then embedded in the edit page as a parameter to
the Potlatch applet.
Tom
--
Tom Hughes (tom at compton.nu)
http://www.compton.nu/
More information about the talk
mailing list