>
> Could you file a bug report for this?
>
> -David
>
>
> On Oct 20, 2005, at 8:10 AM, Souvik Saha Bhowmik wrote:
>
> > Hi
> >
> > I downloaded the new version yesterday...But it didn't solve my
> > problem ..rather complicated it....I was not able to log in to my
> > application through any user id and password that I created.. The user
> > ids were provided with sufficient security permissions....and the
> > error message was "password incorrect". though I found out the
> > password existed in the userLogin entity with the corrosponding
> > userLoginId...
> >
> > Regarding the older version(5021) I found out the cause of my
> > problem....I was using the logout event  of Ofbiz.....The logout
> > eventually calls the LogoutWorker..which while logging out extracts
> > the userLogin information from session and updates the userLogin
> > entity with the hasLogged out field information.....And hence though
> > the password was changed in the entity(UserLogin) it again got updated
> > with the older password.This is becuse the UserLogin information in
> > session had the older password. This seems to be a bug because the
> > entire information should not be updated and only the hasLoggedOut
> > field should be updated. Otherwise no logged in user could change his
> > password. Precisely , he can change but it reverts back while logging
> > out. However I used the <befor logout> tag to invoke an event which
> > updates the session with the new UserLogin information. the
> > changePassword feature in my case was implemented using a service and
> > so I could not update the session with the new userLogin while
> > changing password.....
> >
> > However I shall be obliged if you look into the behaviour of new Ofbiz
> >  that I noticed and get back to me......Its very urgent for Ofbiz
> > users like us
> > Thanx
> > Souvik
> >
> > On 10/18/05, David E. Jones <[hidden email]> wrote:
> >
> >>
> >> Based on this I couldn't really say what is going wrong. If you are
> >> using an older version of OFBiz you might be running into a cache
> >> problem, but I'm not aware of anything like this that is an
> >> outstanding issue right now.
> >>
> >> If you can reproduce the problem in the current code base let me know
> >> what you did to make it happen and I'll look into it...
> >>
> >> -David
> >>
> >>
> >> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
> >>
> >>
> >>> Hi all,
> >>> I have built an application using the Ofbiz framework and has made
> >>> full use of the Security system..I am using the framework provided
> >>> login and logout services
> >>> In my application there is a customer side and an admin side....
> >>> I have provided the customer with a feature to change password after
> >>> logging in. In that case I find that though the new password is
> >>> updated in the Userlogin entity its not effecting the
> >>> application...Whil;e trying to log in with his new password the
> >>> customer is getting error of Incorrecvt password. But he is able to
> >>> log in with his old password. The strangest thing is that the
> >>> Userlogin entity has the new password and not the old one......is
> >>> the
> >>> password also stored some where else....I have not used any
> >>> encryption....
> >>> there are more strange observations .......
> >>> When the admin tries to change the customers password the change is
> >>> effected if the user is not logged in at that moment...Even if he is
> >>> logged in he the UserLo0gin entity gets updated with new password
> >>> but
> >>> it does not effect the customer's security settings. I mean later
> >>> when
> >>> the customer tries to log in with his new password he fails but is
> >>> allowed the same with his old password.....
> >>> But when an admin changes the password of a customer who in not
> >>> logged
> >>> in the change effects his security settings...The behaviour is as
> >>> expected...He can log in with his new password and not the old......
> >>> If I provide the customer with a feature that he canchange his
> >>> password without logging in( where he has to provide his userloginId
> >>> also) the behaviousr is as expected.....He can log in with his new
> >>> password and not his old one......
> >>>
> >>> FYI I am using a minilang(simple) service to change the password and
> >>> update the UserLogin entity....It uses the "store" tag of minilang
> >>>
> >>> Can someone please explain this wierd behaviour and its
> >>> remedy.....any
> >>> suggerstion will be of gr8 help and I shall be highly obliged
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> [hidden email]
> >>> http://lists.ofbiz.org/mailman/listinfo/users
> >>>
> >>>
> >>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> [hidden email]
> >> http://lists.ofbiz.org/mailman/listinfo/users
> >>
> >>
> >
> > _______________________________________________
> > Users mailing list
> > [hidden email]
> > http://lists.ofbiz.org/mailman/listinfo/users
> >
>
>
>