Red Hat Bugzilla – Bug 18807
Cookie behavior is not as designed
Last modified: 2015-01-07 18:42:11 EST
The web site is caching my cookie for too long. The cookie should expire
after 10 minutes, according to my preferences. Often, after being away
from the application for days, I will enter the www.redhat.com/network URL
and be taken directly to my main page with no login required. The
application should require me to login.
*** Bug 19252 has been marked as a duplicate of this bug. ***
*** Bug 18131 has been marked as a duplicate of this bug. ***
OK, so on echen.webdev.redhat.com, the session now times out no matter whether
the user is active or not. So, with a timeout set to 2 minutes, if I am
actively navigating around the site, after two minutes I will get thrown to a
logged out page.
Fixes were pushed to live site on 10/25.
Reopening bug, as the behavior has returned. Need to know why this came back .
. . what changed, when, why, etc. so that I can put it on a list of things to
check the next time that piece or section of code changes.
This appears to be working correctly again on live and webdev (11/20; jkt)
And guess what . . . this bug is again back!!
Yes, both webqa and live site are exhibiting this issue again.
On webqa: log in as rhn7_copper; change the timeout to 1 minute; exit Netscape;
wait a few minutes; start Netscape again and go to webqa.redhat.com; click on
the "Free Trial" button and you will automatically be logged in
on live site: log in as rhn7_mocha and follow the above instructions.
Changes pushed to echen.current.webdevel.redhat.com. Couple of problems there.
Log in as rhn7_copper and then wait for the session to timeout (currently set at
1 minute) Then attempt to log back into the site. The first time that you
attempt to log in, will get "document contained no data" message. Attempting to
log in again will actually log you into the site.
Log in as rhn7_copper and then immediately quit that browser window. Wait
longer than the timeout amount (currently set at 1 minute) and then open a
window and navigate to the site. Log in as rhn7_copper and you will immediately
get the "logged out" message (this is good) User is able to enter username and
password and get logged into the site. So, there is definitely a code path
issue between the first thing that I described and this one.
Finally issue. Log into the site as rhn7_copper, then log out using the buttons
on the site. This should kill off your cookie. Now, wait longer than the
timeout amount (currently set at 1 minute) and then navigate back to the site.
Enter the username and password, hit login and will immediately get the logged
out screen. Have to enter username and password again to get logged into site.
Since the cookie should not still be active, there should not be a chance to get
Code currently in echen.current.webdevel.redhat.com works as it should. Ready
for push to webqa environment.
This has been pushed to live site and appears to be working correctly (jkt; 1/9/01)