Hi all,
I have built an application using the Ofbiz framework and has made
full use of the Security system..I am using the framework provided
login and logout services
In my application there is a customer side and an admin side....
I have provided the customer with a feature to change password after
logging in. In that case I find that though the new password is
updated in the Userlogin entity its not effecting the
application...Whil;e trying to log in with his new password the
customer is getting error of Incorrecvt password. But he is able to
log in with his old password. The strangest thing is that the
Userlogin entity has the new password and not the old one......is the
password also stored some where else....I have not used any
encryption....
there are more strange observations .......
When the admin tries to change the customers password the change is
effected if the user is not logged in at that moment...Even if he is
logged in he the UserLo0gin entity gets updated with new password but
it does not effect the customer's security settings. I mean later when
the customer tries to log in with his new password he fails but is
allowed the same with his old password.....
But when an admin changes the password of a customer who in not logged
in the change effects his security settings...The behaviour is as
expected...He can log in with his new password and not the old......
If I provide the customer with a feature that he canchange his
password without logging in( where he has to provide his userloginId
also) the behaviousr is as expected.....He can log in with his new
password and not his old one......
FYI I am using a minilang(simple) service to change the password and
update the UserLogin entity....It uses the "store" tag of minilang
Can someone please explain this wierd behaviour and its remedy.....any
suggerstion will be of gr8 help and I shall be highly obliged
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Locked
