Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#5600 closed defect (fixed)

Trac loses Login

Reported by: ax
Owned by: team
Priority: normal
Component: Trac
Version:
Keywords: trac, login
Cc:

Description

continued from ticket:4498#comment:4 :

problem: i log in and get a "logged in as ax" on the top right. clicking any link or submitting any form or just reloading the page logs me out, giving me the "Login" link on the top right again, and forms being submitted as anonymous. i have to manually fill the "Your email or username" box. i have cookies enabled, and it happens in firefox (in safe mode, without any plugins), google chrome, opera.

hints: i have been tracing the cookies with firefox' cookie manager:

  • http://josm.openstreetmap.de/ : trac_form_token, trac_session
  • http://josm.openstreetmap.de/login : additionally, trac_auth
  • now clicking *any* other link within http(s)://josm.openstreetmap.de/ gives me another trac_session! and i'm logged out. guess this second session is an anonymous session, and it is used instead of the authenticated session. maybe because this any other link contains "unauthenticated content" from http://josm... instead of https://josm...?

might be related to http://trac.edgewall.org/ticket/791 , http://trac.edgewall.org/ticket/6121 . see also http://trac.edgewall.org/log/branches/0.12-stable , which has some session cookie related fixes.

would be grateful if this could be fixed.

Attachments (0)

Change History (10)

comment:1 Changed 3 years ago by stoecker

I set auth_cookie_lifetime to 360000. Does it help?

comment:2 Changed 3 years ago by ax

unfortunately, it does not. still getting logged out, and still getting the second (and third and fourth and ...) trac_session (and now also getting more than one trac_auth cookie), which i would think is the cause of this problem.

comment:3 Changed 3 years ago by anonymous

ok, here is what i found sniffing the connection with wireshark (only the non-https part), looking for Set-Cookie:

  • the first cookies are set for the homepage:
      GET / HTTP/1.1
      Set-Cookie: trac_form_token=a1b74c41ea8662XXXXXXXXXX; Path=/
      Set-Cookie: trac_session=ce5e26eb052b29XXXXXXXXXX; expires=Wed, 02-Feb-2011 11:24:09 GMT; Path=/

  • the second time Set-Cookie is called is here:
      GET /browser/trunk/images/logo.png?format=raw HTTP/1.1
      Set-Cookie: trac_auth=; expires=Thu, 04-Nov-2010 08:37:58 GMT; Path=/
      Set-Cookie: trac_session=f6113951b4c164XXXXXXXXXX; expires=Wed, 02-Feb-2011 11:24:38 GMT; Path=/

aha! so the request to /browser/trunk/images/logo.png?format=raw kills my auth session! when i block this url via Adblock Plus, everything works as expected, i stay logged in.

/browser/trunk/images/logo.png?format=raw looks like a trac template / config error to me - this should be a static url, shouldn't it? please fix. thanks!
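
An added example, not part of the ticket or of Trac's own code: a short Python check that walks a header capture shaped like the listing in comment:3 and names the request whose response cleared trac_auth or replaced trac_session. The capture is constructed, the cookie values are placeholders, and the /login and /timeline entries are assumptions.

```python
import re

# Constructed capture in the same shape as the listing in comment:3:
# a request line followed by the Set-Cookie headers of its response.
# Cookie values are placeholders, not real session ids.
CAPTURE = """\
GET / HTTP/1.1
Set-Cookie: trac_form_token=aaaa0001; Path=/
Set-Cookie: trac_session=sess0001; expires=Wed, 02-Feb-2011 11:24:09 GMT; Path=/
GET /login HTTP/1.1
Set-Cookie: trac_auth=auth0001; Path=/
GET /browser/trunk/images/logo.png?format=raw HTTP/1.1
Set-Cookie: trac_auth=; expires=Thu, 04-Nov-2010 08:37:58 GMT; Path=/
Set-Cookie: trac_session=sess0002; expires=Wed, 02-Feb-2011 11:24:38 GMT; Path=/
GET /timeline HTTP/1.1
"""

REQUEST = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$")

def parse_capture(text):
    """Return [(url, {cookie_name: value})], one entry per request line."""
    exchanges = []
    for line in text.splitlines():
        line = line.strip()
        m = REQUEST.match(line)
        if m:
            exchanges.append((m.group(2), {}))
        elif line.lower().startswith("set-cookie:") and exchanges:
            # Only the leading name=value pair matters; attributes are ignored.
            pair = line.split(":", 1)[1].split(";", 1)[0]
            name, _, value = pair.strip().partition("=")
            exchanges[-1][1][name] = value
    return exchanges

def find_session_resets(exchanges, auth="trac_auth", session="trac_session"):
    """Flag responses that empty the auth cookie or swap an issued session id."""
    jar, findings = {}, []
    for url, cookies in exchanges:
        if cookies.get(auth) == "" and jar.get(auth):
            findings.append((url, "auth cookie cleared"))
        if session in cookies and jar.get(session) not in (None, cookies[session]):
            findings.append((url, "session id replaced"))
        jar.update(cookies)
    return findings

if __name__ == "__main__":
    for url, reason in find_session_resets(parse_capture(CAPTURE)):
        print(f"{reason}: {url}")
```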

comment:4 Changed 3 years ago by ax

well - almost :S the login stays for browsing other pages and previewing tickets - but apparently not for submitting them. let's see ...

comment:5 Changed 3 years ago by ax

now it does - never mind comment:4

comment:6 Changed 3 years ago by ax

trying to fix this by changing

[[Image(source:/trunk/images/logo.png)]] 

to

[[Image(/svn/trunk/images/logo.png)]]

in WikiStart. this works - however, /browser/trunk/images/logo.png?format=raw (generated by [[Image(source:/trunk/images/logo.png)]]) seems to be used somewhere else. maybe in the trac config ([header_logo], src)? would be great if you could hunt this down and change accordingly. thanks!

comment:7 Changed 3 years ago by stoecker

Better now?

comment:8 Changed 3 years ago by ax

  • Resolution set to fixed
  • Status changed from new to closed

yep, that's it. thanks!

comment:9 Changed 3 years ago by ax

you might reset auth_cookie_lifetime to the original value ...

comment:10 Changed 2 years ago by ax

  • Component changed from unspecified to Trac
