Modify

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#5600 closed defect (fixed)

Trac loses Login

Reported by: ax Owned by: team
Priority: normal Milestone:
Component: Trac Version:
Keywords: trac, login Cc:

Description

continued from ticket:4498#comment:4 :

problem: i log in and get a "logged in as ax" on the top right. clicking any link or submitting any form or just reloading the page logs me out, giving me the "Login" link on the top right again, and forms being submitted as anonymous. i have to manually fill the "Your email or username" box. i have cookies enabled, and it happens in firefox (in safe mode, without any plugins), google chrome, opera.

hints: i have been tracing the cookies with firefox' cookie manager:

might be related to http://trac.edgewall.org/ticket/791 , http://trac.edgewall.org/ticket/6121 . see also http://trac.edgewall.org/log/branches/0.12-stable , which has some session cookie related fixes.

would be grateful if this could be fixed.

Attachments (0)

Change History (10)

comment:1 Changed 10 years ago by stoecker

I set auth_cookie_lifetime to 360000. Does it help?

comment:2 Changed 10 years ago by ax

unfortunately, it does not. still getting logged out, and still getting the second (and third and fourth and ...) trac_session (and now also getting more than one trac_auth cookie), which i would think is the cause of this problem.

comment:3 Changed 10 years ago by anonymous

ok, here is what i found sniffing the connection with wireshark (only the non-https part), looking for Set-Cookie:

  • the first cookies are set for the homepage:
      GET / HTTP/1.1
      Set-Cookie: trac_form_token=a1b74c41ea8662XXXXXXXXXX; Path=/
      Set-Cookie: trac_session=ce5e26eb052b29XXXXXXXXXX; expires=Wed, 02-Feb-2011 11:24:09 GMT; Path=/
    
  • the second time Set-Cookie is called is here:
    GET /browser/trunk/images/logo.png?format=raw HTTP/1.1
    Set-Cookie: trac_auth=; expires=Thu, 04-Nov-2010 08:37:58 GMT; Path=/
    Set-Cookie: trac_session=f6113951b4c164XXXXXXXXXX; expires=Wed, 02-Feb-2011 11:24:38 GMT; Path=/
    

aha! so the request to /browser/trunk/images/logo.png?format=raw kills my auth session! when i block this url via Adblock Plus, everything works as expected, i stay logged in.

/browser/trunk/images/logo.png?format=raw looks like a trac template / config error to me - this should be a static url, shouldn't it?. please fix. thanks!

comment:4 Changed 10 years ago by ax

well - almost :S the login stays for browsing other pages and previewing tickets - but apparently not for submitting them. let's see ...

comment:5 Changed 10 years ago by ax

now it does - never mind comment:4

comment:6 Changed 10 years ago by ax

trying to fix this by changing

[[Image(source:/trunk/images/logo.png)]] 

to

[[Image(/svn/trunk/images/logo.png)]]

in WikiStart. this works - however, /browser/trunk/images/logo.png?format=raw (generated by [[Image(source:/trunk/images/logo.png)]]) seems to be used somewhere else. maybe in the trac config ([header_logo], src)? would be great if you could hunt this down and change accordingly. thanks!

comment:7 Changed 10 years ago by stoecker

Better now?

comment:8 Changed 10 years ago by ax

Resolution: fixed
Status: newclosed

yep, that's it. thanks!

comment:9 Changed 10 years ago by ax

you might reset auth_cookie_lifetime to the original value ...

comment:10 Changed 10 years ago by ax

Component: unspecifiedTrac

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.