Bug 18807
| Summary: | Cookie behavior is not as designed | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Network | Reporter: | Billy Marshall <marshall> |
| Component: | RHN/Web Site | Assignee: | Tom Lancaster <tlancast> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jay Turner <jturner> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | RHN Stable | CC: | marshall, srevivo |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | www.redhat.com/network | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2000-12-21 15:49:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Billy Marshall
2000-10-10 13:18:19 UTC
*** Bug 19252 has been marked as a duplicate of this bug. *** *** Bug 18131 has been marked as a duplicate of this bug. *** OK, so on echen.webdev.redhat.com, the session now times out no matter whether the user is active or not. So, with a timeout set to 2 minutes, if I am actively navigating around the site, after two minutes I will get thrown to a logged out page. Fixes were pushed to live site on 10/25. Reopening bug, as the behavior has returned. Need to know why this came back . . . what changed, when, why, etc. so that I can put it on a list of things to check the next time that piece or section of code changes. This appears to be working correctly again on live and webdev (11/20; jkt) And guess what . . . this bug is again back!! Yes, both webqa and live site are exhibiting this issue again. On webqa: log in as rhn7_copper; change the timeout to 1 minute; exit Netscape; wait a few minutes; start Netscape again and go to webqa.redhat.com; click on the "Free Trial" button and you will automatically be logged in on live site: log in as rhn7_mocha and follow the above instructions. Changes pushed to echen.current.webdevel.redhat.com. Couple of problems there. Log in as rhn7_copper and then wait for the session to timeout (currently set at 1 minute) Then attempt to log back into the site. The first time that you attempt to log in, will get "document contained no data" message. Attempting to log in again will actually log you into the site. Log in as rhn7_copper and then immediately quit that browser window. Wait longer than the timeout amount (currently set at 1 minute) and then open a window and navigate to the site. Log in as rhn7_copper and you will immediately get the "logged out" message (this is good) User is able to enter username and password and get logged into the site. So, there is definitely a code path issue between the first thing that I described and this one. Finally issue. Log into the site as rhn7_copper, then log out using the buttons on the site. This should kill off your cookie. Now, wait longer than the timeout amount (currently set at 1 minute) and then navigate back to the site. Enter the username and password, hit login and will immediately get the logged out screen. Have to enter username and password again to get logged into site. Since the cookie should not still be active, there should not be a chance to get timed out. Code currently in echen.current.webdevel.redhat.com works as it should. Ready for push to webqa environment. This has been pushed to live site and appears to be working correctly (jkt; 1/9/01) |