Ticket #296 (new defect)

Opened 2 months ago

add indication to return_to for stateful requests

Reported by: http://keturn.myopenid.com/ Assigned to:
Priority: major Milestone:
Keywords: Cc:
Project: All libraries OpenID Protocol: All versions
Series: Web Browser:

Description

part of the reason that the "denied check_authentication" business is so hard to debug is that the library can't tell from an id_res response if it's a stateful assoc_handle, in which case it should abort immediately if the association isn't found, or a statelesss one, in which case it should try check_authentication. We should add some indication of this to a return_to parameter or the session or something.