Opened 12 years ago
Closed 2 years ago
#10029 closed defect (invalid)
make cookies more secure
Reported by: | jason | Owned by: | jason, was |
---|---|---|---|
Priority: | major | Milestone: | sage-duplicate/invalid/wontfix |
Component: | notebook | Keywords: | |
Cc: | jhpalmieri | Merged in: | |
Authors: | Tim Dumol | Reviewers: | |
Report Upstream: | N/A | Work issues: | |
Branch: | | Commit: | |
Dependencies: | | Stopgaps: | |
Description
Tim Dumol introduced some changes in #9822 that are designed to make cookies more secure and work better. The patch is attached.
Attachments (1)
Change History (7)
Changed 12 years ago by
comment:1 Changed 12 years ago by
comment:2 Changed 12 years ago by
- Cc timdumol added
- Status changed from new to needs_work
comment:3 Changed 12 years ago by
Here is the bug report (repeated on this ticket for clarity and completeness)
I installed this on my server (4.5.2) where I have apache forwarding port 80 (outside) to port 8000 (the local sage server). On logging in, I get a browser message: "Please enable cookies or delete all Sage cookies and localhost cookies in your browser and try again." In Firebug, I see I have two cookies: `cookie_test_80`, and `nb_session_8000`. That looks wrong, doesn't it?
When I delete all of my cookies from that server, I still can't log in (same error). After the error page comes up, and I click "Continue", I see the `cookie_test_80` cookie show up in FireCookies.
Before the patch, I see a `cookie_test_8000` and a `nb_session_8000` cookie. So maybe the problem is that after the patch above, we have a `cookie_test_80` cookie.
comment:4 Changed 2 years ago by
- Cc jhpalmieri added; timdumol removed
- Milestone set to sage-duplicate/invalid/wontfix
- Status changed from needs_work to needs_review
This is a very old ticket about the deprecated sagenb. Can we close?
comment:5 Changed 2 years ago by
- Status changed from needs_review to positive_review
comment:6 Changed 2 years ago by
- Resolution set to invalid
- Status changed from positive_review to closed
This patch needs some work. See the discussion at the bottom of #9822 for a bug report.