Opened 9 years ago
Last modified 9 years ago
#10029 needs_work defect
make cookies more secure
| Reported by: | jason | Owned by: | jason, was |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | notebook | Keywords: | |
| Cc: | timdumol | Merged in: | |
| Authors: | Tim Dumol | Reviewers: | |
| Report Upstream: | N/A | Work issues: | |
| Branch: | Commit: | ||
| Dependencies: | Stopgaps: |
Description
Tim Dumol introduced some changes in #9822 that are designed to make cookies more secure and work better. The patch is attached.
Attachments (1)
Change History (4)
Changed 9 years ago by
comment:1 Changed 9 years ago by
comment:2 Changed 9 years ago by
- Cc timdumol added
- Status changed from new to needs_work
comment:3 Changed 9 years ago by
Here is the bug report (repeated on this ticket for clarity and completeness)
I installed this on my server (4.5.2) where I have apache forwarding port 80 (outside) to port 8000 (the local sage server). On logging in, I get a browser message: "Please enable cookies or delete all Sage cookies and localhost cookies in your browser and try again." In Firebug, I see I have two cookies: cookie_test_80, and nb_session_8000}}}. That looks wrong, doesn't it?
When I delete all of my cookies from that server, I still can't log in (same error). After the error page comes up, and I click "Continue", I see the cookie_test_80 cookie show up in FireCookies??.
Before the patch, I see a cookie_test_8000 and a nb_session_8000 cookie. So maybe the problem is that after the patch above, we have a cookie_test_80 cookie.
This patch needs some work. See the discussion at the bottom of #9822 for a bug report.