[Yanel-dev] AutoLogin improved (important bug fix!)

basZero baszero at gmail.com
Tue Nov 15 14:58:46 CET 2011


Hi Michael,

as I haven't heard back from you regarding this patch, you can ignore the
patch sent in August 2011 (see below). I have now created a GitHub pull
request which makes it much easier to review.
Please comment directly into the code in GitHub's pull request (you can
comment on individual lines or on the whole commit) if you have questions
or improvements.

https://github.com/wyona/yanel/pull/10

Thanks
Balz.

On Mon, Aug 8, 2011 at 10:24 AM, Michael Wechner
<michael.wechner at wyona.com> wrote:

>  Dear Balz
>
> Thanks very much for the patch. Will try to review it either tomorrow
> afternoon or Wednesday the latest.
> Otherwise please keep reminding me ;-)
>
> Thanks
>
> Michael
>
> On 05.08.11 15:20, basZero wrote:
>
> Dear Michael,
>
>  I have made the AutoLogin more stable in the use case where the browser
> sends multiple cookies of the same name.
>
>  This can happen, if the application issues different cookies for
> different contexts, e.g.
> Cookie 1: path = "/"
> Cookie 2: path = "/archive/"
> Cookie 3: path = "/archive/2011/"
>
>  In case the user opens the page to archive/2011 directly, the browser
> sends 3 cookies with the request.
> The current logic only checks the first cookie in the request, and if the
> autologin does not work, the user is logged out again.
>
>  I have now extended the AutoLogin class so that it loops over ALL
> Autologin-Cookies until it finds a valid one.
>
>  The patch is attached.
>
>  IMPORTANT side note: This is also a critical update to an application
> that issues only one cookie path, e.g. all for "/", but with different
> values.
> If the user clicks LOGOUT, the token/cookie gets deleted on the server
> side, but the browser does not delete the cookie (e.g. Google Chrome never
> deletes cookies, even if you tell it to do so).
> So as soon as AutoLogin is enabled again by the user, it might not work
> correctly, because it processes only one of the cookies in the request,
> which might be the old one...
>
>  Cheers
> Balz
>
>
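
An added example (not from the original thread or the Yanel code base) of the behaviour the quoted message describes: checking only the first same-named cookie versus trying each one against the server-side token store. The cookie name `AUTOLOGIN`, the class and method names, the in-memory token map and the per-request cap are assumptions for illustration.

```java
import java.util.*;

// Added illustration only: names, token store and cap are assumptions, not Yanel code.
public class AutoLoginCookieDemo {
    static final String COOKIE_NAME = "AUTOLOGIN"; // hypothetical cookie name
    static final int MAX_CANDIDATES = 8;           // assumed cap on tokens tried per request

    // Collect every value sent under `name`, in the order the browser sent them.
    static List<String> valuesFor(String cookieHeader, String name) {
        List<String> values = new ArrayList<>();
        if (cookieHeader == null) return values;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).trim().equals(name)) {
                values.add(pair.substring(eq + 1).trim());
            }
        }
        return values;
    }

    // Behaviour before the patch: only the first matching cookie is looked up.
    static Optional<String> firstOnly(String header, Map<String, String> liveTokens) {
        List<String> values = valuesFor(header, COOKIE_NAME);
        if (values.isEmpty()) return Optional.empty();
        return Optional.ofNullable(liveTokens.get(values.get(0)));
    }

    // Behaviour after the patch: try each matching cookie until one is a live token.
    static Optional<String> anyValid(String header, Map<String, String> liveTokens) {
        int tried = 0;
        for (String value : valuesFor(header, COOKIE_NAME)) {
            if (tried++ >= MAX_CANDIDATES) break; // bound work done for one request
            String user = liveTokens.get(value);
            if (user != null) return Optional.of(user);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed data: "old111" was deleted server-side at logout, "new222" is live.
        Map<String, String> liveTokens = new HashMap<>();
        liveTokens.put("new222", "balz");
        // Constructed request header: the browser still sends the stale cookie first.
        String header = "AUTOLOGIN=old111; JSESSIONID=abc; AUTOLOGIN=new222";
        System.out.println("first cookie only: " + firstOnly(header, liveTokens));
        System.out.println("all cookies:       " + anyValid(header, liveTokens));
    }
}
```

The server-side token store remains the only authority here: a stale cookie is skipped, never trusted, and the cap keeps one request from carrying an unbounded number of token candidates.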