Opened 10 years ago

Closed 8 months ago

#10029 closed defect (invalid)

make cookies more secure

Reported by: jason Owned by: jason, was
Priority: major Milestone: sage-duplicate/invalid/wontfix
Component: notebook Keywords:
Cc: jhpalmieri Merged in:
Authors: Tim Dumol Reviewers:
Report Upstream: N/A Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description

Tim Dumol introduced some changes in #9822 that are designed to make cookies more secure and work better. The patch is attached.

Attachments (1)

10029-cookies-more-secure.patch (5.1 KB) - added by jason 10 years ago.

Download all attachments as: .zip

Change History (7)

Changed 10 years ago by jason

comment:1 Changed 10 years ago by jason

This patch needs some work. See the discussion at the bottom of #9822 for a bug report.

comment:2 Changed 10 years ago by jason

  • Authors set to Tim Dumol
  • Cc timdumol added
  • Status changed from new to needs_work

comment:3 Changed 10 years ago by jason

Here is the bug report (repeated on this ticket for clarity and completeness)

I installed this on my server (4.5.2) where I have apache forwarding port 80 (outside) to port 8000 (the local sage server). On logging in, I get a browser message: "Please enable cookies or delete all Sage cookies and localhost cookies in your browser and try again." In Firebug, I see I have two cookies: cookie_test_80, and nb_session_8000}}}. That looks wrong, doesn't it?

When I delete all of my cookies from that server, I still can't log in (same error). After the error page comes up, and I click "Continue", I see the cookie_test_80 cookie show up in FireCookies??.

Before the patch, I see a cookie_test_8000 and a nb_session_8000 cookie. So maybe the problem is that after the patch above, we have a cookie_test_80 cookie.

comment:4 Changed 8 months ago by chapoton

  • Cc jhpalmieri added; timdumol removed
  • Milestone set to sage-duplicate/invalid/wontfix
  • Status changed from needs_work to needs_review

this a very old ticket about the deprecated sagenb. Can we close ?

comment:5 Changed 8 months ago by jhpalmieri

  • Status changed from needs_review to positive_review

comment:6 Changed 8 months ago by chapoton

  • Resolution set to invalid
  • Status changed from positive_review to closed
Note: See TracTickets for help on using tickets.