[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-dev] [Bug #1399] Problems with login cookies: don't work with
From: |
nobody |
Subject: |
[Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https |
Date: |
Sun, 20 Oct 2002 05:43:08 -0400 |
=================== BUG #1399: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1399&group_id=11
Changes by: Mathieu Roy <address@hidden>
Date: 2002-Oct-20 11:43 (Europe/Paris)
------------------ Additional Follow-up Comments ----------------------------
I done all this test. I still does not understand and be unable to reproduce
this behavior.
=================== BUG #1399: FULL BUG SNAPSHOT ===================
Submitted by: psmith Project: Savannah
Submitted on: 2002-Oct-11 18:42
Category: PHP Engine Severity: 5 - Average
Priority: None Bug Group: None
Resolution: Works for me Assigned to: yeupou
Status: Open Effort: 0.00
Summary: Problems with login cookies: don't work with http, only https
Original Submission: After I log in to Savannah, I have a cookie (I assume)
that remembers my login. This is fine with one problem: it only seems to be
available if I use the https (SSL) connection. If I type in a URL like
http://savannah.gnu.org then my login is lost. It would be nice if the cookie
could be available even for non-SSL connections, since most of my bookmarks,
etc. use simple http://...
If that can't be done, please modify the URLs that the trackers send out to use
https://... instead of http://... so that when I get a new bug announcement I
can click on the link and when it comes up in my browser it's using my existing
login, rather than my having to edit the URL in the browser box to add the "s"
to make it https://... Note that it's fine to connect with https://...
addresses even if you're not logged in; it works the same.
Follow-up Comments
*******************
-------------------------------------------------------
Date: 2002-Oct-20 11:43 By: yeupou
I done all this test. I still does not understand and be unable to reproduce
this behavior.
-------------------------------------------------------
Date: 2002-Oct-12 18:30 By: psmith
I agree that, if the login issue can be fixed, you don't need to change the
email URLs (although it couldn't hurt: it might be that people don't realize
they aren't using a secure connection when they click those links). My bug
report said "if that can't be done, [then] please modify the URLs".
All I can say is that there must be something different about my Savannah
account, or about your Savannah account, that is causing this. I just tried
with lynx as well, and I tried from home, and I still see the same behavior.
In fact, I just logged into my fencepost.gnu.org account and ran "lynx
http://savannah.gnu.org", then picked "Login via SSL", then logged in, then
used "g" to get a URL prompt and typed in "http://savannah.gnu.org" and... same
thing. Now I'm not logged in again. Now I use "g" and enter
"https://savannah.gnu.org" and bingo, I'm logged in.
Maybe it's because your account is an admin account or something? Or maybe in
the past you've chosen the "remember me" option for your account and that makes
it work? Can you try creating a new account with no special privileges and not
selecting "remember me" or the "login to nongnu" options, and doing this test
there?
I'm willing to create a new account as well as a test, if you can delete it for
me after we're done. Let me know; thanks.
-------------------------------------------------------
Date: 2002-Oct-12 11:01 By: yeupou
"First, let me be more clear; when I said "URLs the tracker sends out" I meant
the ones that appear in the _email_ notifications, not on the web page; none of
the emailed URLs use https:// they all use http://. Sorry, I didn't explain
that well at all :-/."
Ok, but I do not see particular reason to send a mail with https.
The problem is the fact that you cannot be logged in via http but only via
https.
My problem is the fact that I clearly cannot reproduce your problem, with n any
browsers I can access.
Can someone else of the savannah hackers give it a try.
I tried with
RedHat 7.3 : mozilla, galeon, konqueror, links
Debian 3.0 : links
-------------------------------------------------------
Date: 2002-Oct-11 19:34 By: psmith
First, let me be more clear; when I said "URLs the tracker sends out" I meant
the ones that appear in the _email_ notifications, not on the web page; none of
the emailed URLs use https:// they all use http://. Sorry, I didn't explain
that well at all :-/.
I'm using Debian GNU/Linux 3.0 with Galeon 1.2.5, with the Mozilla 1.0.0
engine. But, this is not a new thing; it's been happening for a few versions
of each.
And, it definitely doesn't work. In fact I just did it again: I have Galeon
started and I'm looking at a Savannah page where I'm logged in. I got the
email for the update to this bug and I clicked the "http://..." link in the
email. It opened a new tab in Galeon which pointed to this page, _BUT_ it said
"you are not logged in", etc. I edited the URL box at the top to add the "s"
to change it to "https://..." and then I got to the same page, but this time I
*am* logged in.
I just started Netscape 4.77 and got the same behavior there as well. This is
exactly what I did:
* Start a new copy of the browser, to be sure no previous logins exist (I do
_NOT_ check the "remember me" box when I log in).
* In the URL box type "http://savannah.gnu.org" (no quotes obviously). Hit
RETURN.
* You are now not logged in, on the Savannah homepage. Click the "login via
SSL" link on the left.
* In the login page enter your username/password. I have "stay in SSL"
selected, but neither of the other two (enable for nongnu or remember me).
* I now am sent to "https://savannah.gnu.org/my" and I am logged in.
* I now edit the URL box and remove the "s" and the "/my", so it says
"http://savannah.gnu.org" again. I hit RETURN (removing the /my is optional;
if you don't do that you'll be sent back to the login screen).
Now I'm staring at the Savannah main page, and again I'm not logged in! If I
edit the URL back to have the "s", now I am logged in again. Etc.
-------------------------------------------------------
Date: 2002-Oct-11 19:13 By: yeupou
Cookies are set for the domain name, whatever the connection is secured or not.
This is strange.
Can you give details about the browser you are using?
Also, note that when you are on a page with https, all the links should begin
with https. If not, it's a bug. If you find a bug like this, please give us
pointers to the concerned pages.
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1399&group_id=11
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/11
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/11
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/11
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/11
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/12
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/12
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https,
nobody <=
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/21
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/21
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/21
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/21
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/21
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/21
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/22
- [Savannah-dev] [Bug #1399] Problems with login cookies: don't work with http, only https, nobody, 2002/10/22