id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
9095	Delete trac_auth_session cookie if the client sent it and rememberme is left unchecked.	janakj	hasienda	It is necessary to check for the presence of trac_auth_session cookie in the request when the user is logging in. If the cookie exists and the user left rememberme option unchecked, we need to expire the trac_auth_session cookie.\r\n\r\nSuch left-over cookie may be sent by the user agent as result of previous authentication sessions.	defect	closed	normal	AccountManagerPlugin	normal	fixed	cookie lifetime		0.12