On 2009-10-15 02:39 PDT, Neil wrote: > Robert Relyea wrote: > >> If you have no master password set, you have a token that doesn't have >> 'need login' set in it. NSS will treat such a token as "always logged >> in". No matter how many times you log out, the token and it's keys are >> still available. >> >> What exactly are you seeing? >> >> > What I'm seeing is that after calling logoutSimple(); login(false); > then isLoggedIn() returns false. But with a master password, then > logoutSimple(); login(false); will prompt for the password and > isLoggedIn() returns true, assuming the password was correctly entered. > And I'm not actually calling login myself; I want to leave the token > logged out if there is a password, so that the next caller to login > prompts.
Neil, I suggest you file a bug against PSM (product: core, component: security/PSM) and cc to Bob Relyea (rrelyea), and add all the info you've provided in this thread about what you've tried and the experimental results you've seen. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
