Delete trac_auth_session cookie if the client sent it and rememberme is left unchecked.
|Reported by:||Jan Janak||Owned by:||Steffen Hoffmann|
It is necessary to check for the presence of the trac_auth_session cookie in the request when the user is logging in. If the cookie exists and the user left the rememberme option unchecked, we need to expire the trac_auth_session cookie.
Such a left-over cookie may be sent by the user agent as a result of previous authentication sessions.
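The check described in the ticket, written out as an added example (not code from this ticket or from the project). The function name `stale_session_cookie_headers` and the `cookie_path` parameter are assumptions made for illustration; only the cookie name and the rememberme condition come from the ticket.

```python
from http.cookies import CookieError, SimpleCookie

SESSION_COOKIE = "trac_auth_session"  # cookie name taken from the ticket


def stale_session_cookie_headers(cookie_header, remember_me, cookie_path="/"):
    """Return the Set-Cookie header values to add to the login response.

    cookie_header: raw value of the request's Cookie header, or None.
    remember_me:   True if the user ticked the rememberme option.
    cookie_path:   hypothetical parameter; it has to equal the Path the
                   cookie was originally set with, otherwise the user agent
                   keeps the old cookie and stores a second, empty one.
    """
    if remember_me:
        return []  # a persistent session cookie is wanted, leave it alone

    # Parse the header instead of substring matching, so that a cookie such
    # as "not_trac_auth_session" is not mistaken for the one we look for.
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
        present = SESSION_COOKIE in jar
    except CookieError:
        # Unparseable header: expiring a cookie that may not exist is
        # harmless, keeping a left-over one is not.
        present = True
    if not present:
        return []

    # Overwrite the left-over cookie with an empty value that is already
    # expired; Max-Age=0 and a past Expires cover old and new user agents.
    out = SimpleCookie()
    out[SESSION_COOKIE] = ""
    out[SESSION_COOKIE]["path"] = cookie_path
    out[SESSION_COOKIE]["max-age"] = 0
    out[SESSION_COOKIE]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
    return [out[SESSION_COOKIE].OutputString()]


if __name__ == "__main__":
    # Constructed request header: a left-over cookie from an earlier login.
    sample = "trac_auth=abc123; trac_auth_session=deadbeef"
    for value in stale_session_cookie_headers(sample, remember_me=False):
        print("Set-Cookie:", value)
```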
Change History (15)
comment:1 follow-up: 3 Changed 6 years ago by
|Keywords:||cookie lifetime added|
|Status:||new → assigned|