[jdev] Re: jabberd 1.4.x password changing

Peter Saint-Andre stpeter at jabber.org
Fri Feb 11 16:15:27 CST 2005 

Thanks, that's helpful.

A little bird told me that jabberd 1.4.4 is on the way, and that this 
might be fixed in that release. ;-)

/psa

In article 
<E7650E6BCAF2414E8134C60A29AE28800132B915 at ms3aex05.USIEXCHANGE.COM>,
 "Bresler, Jonathan" <Jonathan.Bresler at usi.net> wrote:

> Peter,
> 
> jsm/users.c user data caching.
> 
> as long as there is a session for a user, the cached user data will not be 
> purged.
> one all session go away you must wait as long as 
> <jsm><usergc>NNN</usergc></jsm> seconds
> for the cached user data to be discarded.
> 
> IMHO its an error to cache the password information at all.  its only needed 
> at login.
> so read the disk for each login of each user.
> 
> unfortunately the "bounce user on null resource login" depends upon the 
> password being
> in the user cache.  could be re-implemented with a flag/variable in the user 
> data structure
> rather than overloading the password field.
> 
> dealing with this here.  have some code that begins to address it.  issue i 
> have right now
> is that the register and change password code is intermixed...split that out. 
>  have two 
> controls in .xml file now.  (newuser="yes|no"  changepassword="yes|no").
> 
> have to stop the code from disallowing the change but modifying disk anyway 
> ;)
> 
> Jonathan
> 
> -----Original Message-----
> From: jdev-bounces at jabber.org on behalf of Peter Saint-Andre
> Sent: Fri 2/11/2005 1:09 PM
> To: jdev at jabber.org
> Subject: [jdev] jabberd 1.4.x password changing
>  
> At jabber.org (running jabberd 1.4.2cvs plus patches, it's a long story, 
> don't ask), I see the following behavior with regard to password changes:
> 
> 1. Log in with pw1, change password to pw2 (confirmed as changed in 
> database), log out, successfully log in with pw2. All is happy.
> 
> 2. Log in with pw1 as resource1, log in with pw1 as resource2, change 
> password to pw2 from resource2 (confirmed as changed in database), log 
> out of resource2, leave resource1 logged in, try to log in with pw2 as 
> resource2, get 401 error (but can successfully log in with pw1 as 
> resource2). Once I log out of resource1 (no more connected resources), I 
> am then able to successfully log in with pw2.
> 
> So it seems that there is some kind of session caching happening, even 
> though pgmillard confirms that we have all xdb caching turned off. Is 
> there a way to configure jabberd 1.4 to not cache anything, do we need 
> to finally and definitively upgrade to 1.4.3, or is this a bug?
> 
> Thanks!
> 
> /psa
>

More information about the JDev mailing list