You are viewing a plain text version of this content. The canonical link for it is here.
Posted to infrastructure-issues@apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2007/12/09 18:59:43 UTC
[jira] Updated: (INFRA-1438) Cookie handling causes problems for
IE and Opera
[ https://issues.apache.org/jira/browse/INFRA-1438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebb updated INFRA-1438:
------------------------
Description:
The ASF wikis often have a common prefix, eg
jakarta
jakarta-commons
jakarta-jmeter
I've found that if one logs into jakarta with IE or Opera, it's then impossible to login to jakarta-xxx - this seems to be because those browsers match the prefix when deciding to send the cookie.
Edit: the problem is that the id from the jakarta cookie is assumed to be the id for tha jakarta-xxx wiki - the username is ignored (or at least not used to determine the id) when checking the login password. [Should have made this clear originally, sorry]
Possible solutions:
Edit: - ignore cookie when name and password are provided [this should be safe]
- change cookie to include trailing / [Edit: would still need to deal with slashless cookies, so perhaps not good]
I'm not particularly familiar with Python, but I may be able to provide patches ...
was:
The ASF wikis often have a common prefix, eg
jakarta
jakarta-commons
jakarta-jmeter
I've found that if one logs into jakarta with IE or Opera, it's then impossible to login to jakarta-xxx - this seems to be because those browsers match the prefix when deciding to send the cookie.
Possible solutions:
- ignore cookie when password is provided
- change cookie to include trailing /
I'm not particularly familiar with Python, but I may be able to provide patches ...
> Cookie handling causes problems for IE and Opera
> -------------------------------------------------
>
> Key: INFRA-1438
> URL: https://issues.apache.org/jira/browse/INFRA-1438
> Project: Infrastructure
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: MoinMoin
> Reporter: Sebb
> Priority: Minor
>
> The ASF wikis often have a common prefix, eg
> jakarta
> jakarta-commons
> jakarta-jmeter
> I've found that if one logs into jakarta with IE or Opera, it's then impossible to login to jakarta-xxx - this seems to be because those browsers match the prefix when deciding to send the cookie.
> Edit: the problem is that the id from the jakarta cookie is assumed to be the id for tha jakarta-xxx wiki - the username is ignored (or at least not used to determine the id) when checking the login password. [Should have made this clear originally, sorry]
> Possible solutions:
> Edit: - ignore cookie when name and password are provided [this should be safe]
> - change cookie to include trailing / [Edit: would still need to deal with slashless cookies, so perhaps not good]
> I'm not particularly familiar with Python, but I may be able to provide patches ...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.