Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v diff -u -r1.99 -r1.100 --- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 8 Jun 2018 13:39:13 -0000 1.99 +++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 8 Jun 2018 14:01:08 -0000 1.100 @@ -214,11 +214,11 @@ if { $session_expr - [sec_session_renew] < [ns_time] } { # # LARS: We abandoned the use of sec_login_handler here. This lets people stay logged in forever - # # if only the keep requesting pages frequently enough, but the alternative was that + # # if only they keep requesting pages frequently enough, but the alternative was that # # the situation where LoginTimeout = 0 (infinte) and the user unchecks the "Remember me" checkbox # # would cause users' sessions to expire as soon as the session needed to be renewed # sec_generate_session_id_cookie - + # apisano 2018-06-08: as discussed in # https://openacs.org/forums/message-view?message_id=1691183#msg_1691183, # this would break sec_change_user_auth_token as a mean to