Modify

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#9082 closed defect (fixed)

[patch] Remove cookie's expires param (set by Trac 0.12) when rememberme is unchecked

Reported by: Jan Janak Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: cookie lifetime
Cc: Trac Release: 0.12

Description

There is a new configuration option in Trac 0.12 to set the lifetime of cookies. When the option is set, the internal Trac authentication module generates persistent cookies.

The Account Manager module needs to remove the "expires" parameter from the cookie when the user does not check "Remember me", otherwise the cookie will be persistent regardless of the "Remember me" checkbox state.

Attachments (1)

rememberme.patch (862 bytes) - added by Jan Janak 6 years ago.
Remove 'expires' from cookie when "Remember Me" is unchecked.

Download all attachments as: .zip

Change History (6)

Changed 6 years ago by Jan Janak

Attachment: rememberme.patch added

Remove 'expires' from cookie when "Remember Me" is unchecked.

comment:1 Changed 6 years ago by Steffen Hoffmann

Keywords: cookie lifetime added
Status: newassigned

Well spotted. I even had a hard time double-checking what's going on in _do_login() of both, AcctMgr and Trac core (trac.web.auth). Thank you for taking your time to investigate and report it here.

comment:2 Changed 6 years ago by Steffen Hoffmann

(In [10589]) AccountManagerPlugin: Delete cookie expiration set in Trac 0.12, refs #9082.

This has been figured out by jan@… - thanks for reporting as well as contributing the fix.

comment:3 Changed 6 years ago by Jan Janak

Resolution: fixed
Status: assignedclosed

comment:4 Changed 6 years ago by Steffen Hoffmann

Beware, the fix is still pending for release to 0.3.2, and my comment in ticket #9095 applies here too, only closing with username is much better here. Thank you.

comment:5 Changed 6 years ago by Steffen Hoffmann

(In [10618]) AccountManagerPlugin: Publish maintenance release 0.3.2, closes #9051, #9082, #9088, #9091, #9092, #9093, #9095, #9099, #9107, #9108 and #9109.

This is an update for current stable at 0.3.1 with a number of fixes for issues reported within the last weeks.

While they will go into acct_mgr-0.4 too, current code isn't ready for release yet and will introduce a number of backwards-incompatible changes. So don't hurry for acct_mgr-0.4 right now.

Just noticed what I'd call a bug in signatures.py and removed unreasonable dependency on identical absolute path for successful check. Looks like nobody else tried this by now, right? Hey folks!

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.