Ticket #9082 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

[patch] Remove cookie's expires param (set by Trac 0.12) when rememberme is unchecked

Reported by: jan@ryngle.com Assigned to: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: cookie lifetime
Cc: Trac Release: 0.12

Description

There is a new configuration option in Trac 0.12 to set the lifetime of cookies. When the option is set, the internal Trac authentication module generates persistent cookies.

The Account Manager module needs to remove the "expires" parameter from the cookie when the user does not check "Remember me", otherwise the cookie will be persistent regardless of the "Remember me" checkbox state.

Attachments

rememberme.patch (0.8 kB) - added by jan@ryngle.com on 08/11/11 14:56:29.
Remove 'expires' from cookie when "Remember Me" is unchecked.

Change History

08/11/11 14:56:29 changed by jan@ryngle.com

  • attachment rememberme.patch added.

Remove 'expires' from cookie when "Remember Me" is unchecked.

08/11/11 21:28:34 changed by hasienda

  • keywords set to cookie lifetime.
  • status changed from new to assigned.

Well spotted. I even had a hard time double-checking what's going on in _do_login() of both, AcctMgr and Trac core (trac.web.auth). Thank you for taking your time to investigate and report it here.

08/11/11 21:30:16 changed by hasienda

(In [10589]) AccountManagerPlugin: Delete cookie expiration set in Trac 0.12, refs #9082.

This has been figured out by jan@ryngle.com - thanks for reporting as well as contributing the fix.

08/16/11 17:03:53 changed by janakj

  • status changed from assigned to closed.
  • resolution set to fixed.

08/16/11 23:14:07 changed by hasienda

Beware, the fix is still pending for release to 0.3.2, and my comment in ticket #9095 applies here too, only closing with username is much better here. Thank you.

08/26/11 00:50:37 changed by hasienda

(In [10618]) AccountManagerPlugin: Publish maintenance release 0.3.2, closes #9051, #9082, #9088, #9091, #9092, #9093, #9095, #9099, #9107, #9108 and #9109.

This is an update for current stable at 0.3.1 with a number of fixes for issues reported within the last weeks.

While they will go into acct_mgr-0.4 too, current code isn't ready for release yet and will introduce a number of backwards-incompatible changes. So don't hurry for acct_mgr-0.4 right now.

Just noticed what I'd call a bug in signatures.py and removed unreasonable dependency on identical absolute path for successful check. Looks like nobody else tried this by now, right? Hey folks!

Add/Change #9082 ([patch] Remove cookie's expires param (set by Trac 0.12) when rememberme is unchecked)




Change Properties
Action