[Yanel-dev] AutoLogin improved (important bug fix!)
Michael Wechner
michael.wechner at wyona.com
Mon Aug 8 10:24:30 CEST 2011
Dear Balz
Thanks very much for the patch. Will try to review it either tomorrow
afternoon or Wednesday at the latest.
Otherwise please keep reminding me ;-)
Thanks
Michael
On 05.08.11 15:20, basZero wrote:
> Dear Michael,
>
> I have made the AutoLogin more stable in the use case where the
> browser sends multiple cookies of the same name.
>
> This can happen, if the application issues different cookies for
> different contexts, e.g.
> Cookie 1: path = "/"
> Cookie 2: path = "/archive/"
> Cookie 3: path = "/archive/2011/"
>
> In case the user opens the page to archive/2011 directly, the browser
> sends 3 cookies with the request.
> The current logic only checks the first cookie in the request, and if
> the autologin does not work, the user is logged out again.
>
> I have now extended the AutoLogin class so that it loops over ALL
> Autologin-Cookies until it finds a valid one.
>
> The patch is attached.
>
> IMPORTANT side note: This is also a critical update to an application
> that issues only one cookie path, e.g. all for "/", but with different
> values.
> If the user clicks LOGOUT, the token/cookie gets deleted on the server
> side, but the browser does not delete the cookie (e.g. Google Chrome
> never deletes cookies, even if you tell it to do so).
> So as soon as AutoLogin is enabled again by the user, it might not
> work correctly, because it processes only one of the cookies in the
> request, which might be the old one...
>
> Cheers
> Balz
>
>
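
The difference between checking only the first cookie and looping over all cookies of the same name, shown as an added example that is not part of the original mail or the Yanel patch. The class and method names, the cookie name `autologin`, the in-memory token map and the sample header are assumptions made for this illustration; it parses a raw `Cookie` header rather than using the servlet API.

```java
import java.util.*;

public class AutoLoginCookieDemo {
    // Hypothetical cookie name, invented for this example.
    static final String COOKIE_NAME = "autologin";

    /** Returns every value sent under the given name, in header order. */
    static List<String> valuesFor(String cookieHeader, String name) {
        List<String> values = new ArrayList<>();
        if (cookieHeader == null) return values;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue; // skip malformed pairs
            if (pair.substring(0, eq).trim().equals(name)) {
                values.add(pair.substring(eq + 1).trim());
            }
        }
        return values;
    }

    /** Behaviour described as the old logic: only the first cookie is checked. */
    static Optional<String> loginFirstOnly(String header, Map<String, String> validTokens) {
        List<String> values = valuesFor(header, COOKIE_NAME);
        return values.isEmpty() ? Optional.empty()
                                : Optional.ofNullable(validTokens.get(values.get(0)));
    }

    /** Behaviour described for the patch: try every cookie until one is valid. */
    static Optional<String> loginAnyValid(String header, Map<String, String> validTokens) {
        for (String token : valuesFor(header, COOKIE_NAME)) {
            String user = validTokens.get(token); // server-side lookup decides validity
            if (user != null) return Optional.of(user);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed data: "tok-old" was deleted server-side at logout,
        // but the browser still sends it ahead of the current token.
        Map<String, String> validTokens = Map.of("tok-new", "balz");
        String header = "autologin=tok-old; lang=en; autologin=tok-new";
        System.out.println("first only: " + loginFirstOnly(header, validTokens));
        System.out.println("any valid:  " + loginAnyValid(header, validTokens));
    }
}
```

Every candidate is still checked against the server-side store, so a token deleted at logout stays invalid wherever it appears in the header.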