Bug 18807 - Cookie behavior is not as designed
Cookie behavior is not as designed
Status: CLOSED CURRENTRELEASE
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Web Site (Show other bugs)
RHN Stable
All Linux
high Severity medium
: ---
: ---
Assigned To: Tom Lancaster
Jay Turner
www.redhat.com/network
: Security
: 18131 19252 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-10 09:18 EDT by Billy Marshall
Modified: 2015-01-07 18:42 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-21 10:49:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Billy Marshall 2000-10-10 09:18:19 EDT
The web site is caching my cookie for too long.  The cookie should expire
after 10 minutes, according to my preferences.  Often, after being away
from the application for days, I will enter the www.redhat.com/network URL
and be taken directly to my main page with no login required.  The
application should require me to login.
Comment 1 Jay Turner 2000-10-18 10:37:29 EDT
*** Bug 19252 has been marked as a duplicate of this bug. ***
Comment 2 Jay Turner 2000-10-25 08:32:23 EDT
*** Bug 18131 has been marked as a duplicate of this bug. ***
Comment 3 Jay Turner 2000-10-25 08:34:26 EDT
OK, so on echen.webdev.redhat.com, the session now times out no matter whether
the user is active or not.  So, with a timeout set to 2 minutes, if I am
actively navigating around the site, after two minutes I will get thrown to a
logged out page.
Comment 4 Jay Turner 2000-10-26 10:45:34 EDT
Fixes were pushed to live site on 10/25.
Comment 5 Jay Turner 2000-11-16 15:33:14 EST
Reopening bug, as the behavior has returned.  Need to know why this came back .
. . what changed, when, why, etc. so that I can put it on a list of things to
check the next time that piece or section of code changes.
Comment 6 Jay Turner 2000-11-20 09:51:22 EST
This appears to be working correctly again on live and webdev (11/20; jkt)
Comment 7 Jay Turner 2000-11-30 09:12:08 EST
And guess what . . . this bug is again back!!

Yes, both webqa and live site are exhibiting this issue again.

On webqa: log in as rhn7_copper; change the timeout to 1 minute; exit Netscape;
wait a few minutes; start Netscape again and go to webqa.redhat.com; click on
the "Free Trial" button and you will automatically be logged in

on live site: log in as rhn7_mocha and follow the above instructions.
Comment 8 Jay Turner 2000-12-15 07:35:52 EST
Changes pushed to echen.current.webdevel.redhat.com.  Couple of problems there.

Log in as rhn7_copper and then wait for the session to timeout (currently set at
1 minute)  Then attempt to log back into the site.  The first time that you
attempt to log in, will get "document contained no data" message.  Attempting to
log in again will actually log you into the site.

Log in as rhn7_copper and then immediately quit that browser window.  Wait
longer than the timeout amount (currently set at 1 minute) and then open a
window and navigate to the site.  Log in as rhn7_copper and you will immediately
get the "logged out" message (this is good)  User is able to enter username and
password and get logged into the site.  So, there is definitely a code path
issue between the first thing that I described and this one.

Finally issue.  Log into the site as rhn7_copper, then log out using the buttons
on the site.  This should kill off your cookie.  Now, wait longer than the
timeout amount (currently set at 1 minute) and then navigate back to the site. 
Enter the username and password, hit login and will immediately get the logged
out screen.  Have to enter username and password again to get logged into site. 
Since the cookie should not still be active, there should not be a chance to get
timed out.
Comment 9 Jay Turner 2000-12-21 10:49:33 EST
Code currently in echen.current.webdevel.redhat.com works as it should.  Ready
for push to webqa environment.
Comment 10 Jay Turner 2001-01-10 09:52:42 EST
This has been pushed to live site and appears to be working correctly (jkt; 1/9/01)

Note You need to log in before you can comment on or make changes to this bug.