On 10/15/2009 02:39 AM, Neil wrote:
> Robert Relyea wrote:
>
>> If you have no master password set, you have a token that doesn't
>> have 'need login' set in it. NSS will treat such a token as "always
>> logged in". No matter how many times you log out, the token and it's
>> keys are still available.
>>
>> What exactly are you seeing?
>>
>>
> What I'm seeing is that after calling logoutSimple(); login(false);
> then isLoggedIn() returns false. But with a master password, then
> logoutSimple(); login(false); will prompt for the password and
> isLoggedIn() returns true, assuming the password was correctly
> entered. And I'm not actually calling login myself; I want to leave
> the token logged out if there is a password, so that the next caller
> to login prompts.
>
isLoggedIn appears to be returning exactly what NSS returns. What you
need is the result of PK11_NeedLogin().
Before authenticating the normal NSS internal check is:
if (PK11_NeedLogin() & !PK11_IsLoggedIn()) {
/* state is not logged in */
}
bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
