<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Dear Balz<br>
<br>
Thanks very much for the patch. Will try to review it either
tomorrow afternoon or Wednesday the latest.<br>
Otherwise please keep reminding me ;-)<br>
<br>
Thanks<br>
<br>
Michael<br>
<br>
Am 05.08.11 15:20, schrieb basZero:
<blockquote
cite="mid:CAOXzDSEOLiB8R+xzev-G2y5M4E=ZOXQjAug7QiKUuRvXi23iRg@mail.gmail.com"
type="cite">Dear Michael,
<div><br>
</div>
<div>I have made the AutoLogin more stable in the use case where
the browser send multiple cookies of the same name.</div>
<div><br>
</div>
<div>This can happen, if the application issues different cookies
for different contexts, e.g.</div>
<div>Cookie 1: path = "/"</div>
<div>Cookie 2: path = "/archive/</div>
<div>Cookie 3: path = "/archive/2011/</div>
<div><br>
</div>
<div>In case the user opens the page to archive/2011 directly, the
browser sends 3 cookies with the request.</div>
<div>The current logic only checks the first cookie in the
request, and if the autologin does not work, the user is logged
out again.</div>
<div><br>
</div>
<div>I have now extended the AutoLogin class so that it loops over
ALL Autologin-Cookies until it finds a valid one.</div>
<div><br>
</div>
<div>The patch is attached.</div>
<div><br>
</div>
<div>IMPORTANT side note: This is also a critical update to an
application that issues only one cookie path, e.g. all for "/",
but with different values.</div>
<div>If the user clicks LOGOUT, the token/cookie gets deleted on
the server side, but the browser does not delete the cookie
(e.g. Google Chrome never deletes cookies, even if you tell it
to do so).</div>
<div>So as soon as AutoLogin is enabled again by the user, it
might not work correctly, because it processes only one of the
cookies in the request, which might be the old one...</div>
<div><br>
</div>
<div>Cheers</div>
<div>Balz</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>