Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#9082 closed defect (fixed)

[patch] Remove cookie's expires param (set by Trac 0.12) when rememberme is unchecked

Reported by: janakj Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: cookie lifetime
Cc: Trac Release: 0.12


There is a new configuration option in Trac 0.12 to set the lifetime of cookies. When the option is set, the internal Trac authentication module generates persistent cookies.

The Account Manager module needs to remove the "expires" parameter from the cookie when the user does not check "Remember me", otherwise the cookie will be persistent regardless of the "Remember me" checkbox state.

Attachments (1)

rememberme.patch (862 bytes) - added by janakj 5 years ago.
Remove 'expires' from cookie when "Remember Me" is unchecked.

Download all attachments as: .zip

Change History (6)

Changed 5 years ago by janakj

Remove 'expires' from cookie when "Remember Me" is unchecked.

comment:1 Changed 5 years ago by hasienda

  • Keywords cookie lifetime added
  • Status changed from new to assigned

Well spotted. I even had a hard time double-checking what's going on in _do_login() of both, AcctMgr and Trac core (trac.web.auth). Thank you for taking your time to investigate and report it here.

comment:2 Changed 5 years ago by hasienda

(In [10589]) AccountManagerPlugin: Delete cookie expiration set in Trac 0.12, refs #9082.

This has been figured out by jan@… - thanks for reporting as well as contributing the fix.

comment:3 Changed 5 years ago by janakj

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:4 Changed 5 years ago by hasienda

Beware, the fix is still pending for release to 0.3.2, and my comment in ticket #9095 applies here too, only closing with username is much better here. Thank you.

comment:5 Changed 5 years ago by hasienda

(In [10618]) AccountManagerPlugin: Publish maintenance release 0.3.2, closes #9051, #9082, #9088, #9091, #9092, #9093, #9095, #9099, #9107, #9108 and #9109.

This is an update for current stable at 0.3.1 with a number of fixes for issues reported within the last weeks.

While they will go into acct_mgr-0.4 too, current code isn't ready for release yet and will introduce a number of backwards-incompatible changes. So don't hurry for acct_mgr-0.4 right now.

Just noticed what I'd call a bug in and removed unreasonable dependency on identical absolute path for successful check. Looks like nobody else tried this by now, right? Hey folks!

Add Comment

Modify Ticket

as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.