Details
- Bug
- Resolution: Duplicate
- Minor
- None
- 1.0
- None
- XWiki 1.0-RC6 (no option in list, I think RC6 became 1.0 Final)
  Resin - 3.0.23
  PostgreSQL - 8.0.12
  Java - Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing)
- cookie security login
- Low

Description
After logging in to XWiki, and clicking on the "Remember me on this computer" checkbox, I am able to successfully administer and edit pages in my XWiki instance.
I can close my browser, reopen it, and continue using the site as my logged in user.
If I leave my browser closed (and probably if I just don't use the site) for a few days, then when I return to use the site, I am no longer logged in.
My cookies after initial login look something like this (keys changed to protect the guilty):

domain | something | path | something else | expires | name | value |
---|---|---|---|---|---|---|
xwiki.example.com | FALSE | / | FALSE | Fri, 30 May 2008 08:19:56 GMT | style | default |
xwiki.example.com | FALSE | / | FALSE | Wed, 13 Jun 2007 11:35:39 GMT | password | DKaksMalwLa/saksKsdndm== |
xwiki.example.com | FALSE | / | FALSE | Wed, 13 Jun 2007 11:35:39 GMT | rememberme | true |
xwiki.example.com | FALSE | / | FALSE | Wed, 13 Jun 2007 11:35:39 GMT | validation | 29ab288de92f7ab3cd519a9ebc7ds933 |
xwiki.example.com | FALSE | / | FALSE | Wed, 13 Jun 2007 11:35:39 GMT | username | PfUdjskajjIJJDkskasmLQ== |
xwiki.example.com | FALSE | / | FALSE | Sat, 25 Mar 2017 12:11:17 GMT | language | en |

After waiting a few days and then connecting to the site, but not doing ANYTHING:

domain | something | path | something else | expires | name | value |
---|---|---|---|---|---|---|
xwiki.example.com | FALSE | / | FALSE | Fri, 30 May 2008 08:19:56 GMT | style | default |
xwiki.example.com | FALSE | / | FALSE | Sat, 25 Mar 2017 12:11:17 GMT | language | en |
I am able to reauthenticate successfully at this point.
Issue Links
- duplicates: XWIKI-2463 Login cookie validation hash mismatch with Tomcat 5.5.20-2etch2 (Closed)