Opened 10 years ago
Closed 8 months ago
#10029 closed defect (invalid)
make cookies more secure
| Reported by: | jason | Owned by: | jason, was |
|---|---|---|---|
| Priority: | major | Milestone: | sage-duplicate/invalid/wontfix |
| Component: | notebook | Keywords: | |
| Cc: | jhpalmieri | Merged in: | |
| Authors: | Tim Dumol | Reviewers: | |
| Report Upstream: | N/A | Work issues: | |
| Branch: | Commit: | ||
| Dependencies: | Stopgaps: |
Description
Tim Dumol introduced some changes in #9822 that are designed to make cookies more secure and work better. The patch is attached.
Attachments (1)
Change History (7)
Changed 10 years ago by
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
- Cc timdumol added
- Status changed from new to needs_work
comment:3 Changed 10 years ago by
Here is the bug report (repeated on this ticket for clarity and completeness)
I installed this on my server (4.5.2) where I have apache forwarding port 80 (outside) to port 8000 (the local sage server). On logging in, I get a browser message: "Please enable cookies or delete all Sage cookies and localhost cookies in your browser and try again." In Firebug, I see I have two cookies: cookie_test_80, and nb_session_8000}}}. That looks wrong, doesn't it?
When I delete all of my cookies from that server, I still can't log in (same error). After the error page comes up, and I click "Continue", I see the cookie_test_80 cookie show up in FireCookies??.
Before the patch, I see a cookie_test_8000 and a nb_session_8000 cookie. So maybe the problem is that after the patch above, we have a cookie_test_80 cookie.
comment:4 Changed 8 months ago by
- Cc jhpalmieri added; timdumol removed
- Milestone set to sage-duplicate/invalid/wontfix
- Status changed from needs_work to needs_review
this a very old ticket about the deprecated sagenb. Can we close ?
comment:5 Changed 8 months ago by
- Status changed from needs_review to positive_review
comment:6 Changed 8 months ago by
- Resolution set to invalid
- Status changed from positive_review to closed
This patch needs some work. See the discussion at the bottom of #9822 for a bug report.