[xwiki-devs] Bug in MyFormAuthenticator? How should securityfilter work?

Hi, I think I found a bug in MyFormAuthenticator. In line 147 remember me is set to "false" if it is not checked on the login page: rememberme = (rememberme == null) ? "false" : rememberme; But the method processLogin() expects it to be NULL if the user doesn't want to use the remember feature (line 178-187): if (this.persistentLoginManager != null) { // did the user request that their login be persistent? if (rememberme != null) { // remember login this.persistentLoginManager.rememberLogin(request, response, username, password); } else { // forget login this.persistentLoginManager.forgetLogin(request, response); } } The problem is that if I fix this bug by removing line 147 the login process doesn't work anymore! I discovered this while I was implementing OpenID authentication support. I tried to debug it now two days but I didn't succed. The same problem occurs with my OpenID implementation. I'm need to tell XWiki that user xy was logged in and tried to do that by setting the user principal in the request object request.setUserPrincipal(principal); but it doesn't work. Is there some documentation about securityfilter available somewhere? I looked on securityfilter.sourceforge.net and googled for it but I didn't found anything. My next question is how I can add a "openid_identifier" property to the XWikiUsers class as a "XClass" as proposed by Sergiu: I didn't found any information on that. How is that done? How can I then search for the user with a specific OpenID identifier? Thank you very much, Markus