[aur-dev] cookies + suspended account

canyonknight canyonknight at gmail.com
Thu Feb 28 20:37:03 EST 2013

On Thu, Feb 28, 2013 at 6:30 PM, Alexander Griesbaum <agrsbm at gmail.com> wrote:
> On Tue, Feb 26, 2013 at 8:20 PM, Daniel Wallace <danielwallace at gtmanfred.com
>> wrote:
>> Hello,
>> I have been having to deal with some idiot who is pissed off in the aur
>> for some reason.  He keeps marking all my packages out of date.  And
>> somehow he is able to continually do this even after I have suspended
>> his account.  I am not sure if this is because of the cookie still
>> working and him still being logged in.
>> Would it be possible to add captchas to flag packages out of date, or to
>> make it so that suspending an account kills the cookie?
> Maybe I missed something...
> I want to get back to the fact, that the user could flag packages after he
> was suspended. In January, canyonknight committed a patch for this
> specific problem[1]:
> "A suspended user can stay in active sessions. Introduce new function
> delete_user_sessions to remove all open sessions for a specific user.
> Allows suspensions to take effect immediately."

Yes, that patch should immediately suspend a user account. There
hasn't been a new AUR release since that was committed, so I don't
believe it was applied to the official AUR setup.

> I tested this locally and I can confirm that the suspended user was
> immediately logged out. Maybe you should file a bug report and
> we should do some tests here?

Thanks for confirming that my patch works!



More information about the aur-dev mailing list