Opened 9 years ago

Last modified 9 years ago

#10029 needs_work defect

make cookies more secure

Reported by: jason Owned by: jason, was
Priority: major Milestone:
Component: notebook Keywords:
Cc: timdumol Merged in:
Authors: Tim Dumol Reviewers:
Report Upstream: N/A Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description

Tim Dumol introduced some changes in #9822 that are designed to make cookies more secure and work better. The patch is attached.

Attachments (1)

10029-cookies-more-secure.patch (5.1 KB) - added by jason 9 years ago.


Change History (4)

Changed 9 years ago by jason

comment:1 Changed 9 years ago by jason

This patch needs some work. See the discussion at the bottom of #9822 for a bug report.

comment:2 Changed 9 years ago by jason

  • Authors set to Tim Dumol
  • Cc timdumol added
  • Status changed from new to needs_work

comment:3 Changed 9 years ago by jason

Here is the bug report (repeated on this ticket for clarity and completeness):

I installed this on my server (4.5.2) where I have Apache forwarding port 80 (outside) to port 8000 (the local Sage server). On logging in, I get a browser message: "Please enable cookies or delete all Sage cookies and localhost cookies in your browser and try again." In Firebug, I see I have two cookies: cookie_test_80, and nb_session_8000. That looks wrong, doesn't it?

When I delete all of my cookies from that server, I still can't log in (same error). After the error page comes up, and I click "Continue", I see the cookie_test_80 cookie show up in FireCookies.

Before the patch, I see a cookie_test_8000 and a nb_session_8000 cookie. So maybe the problem is that after the patch above, we have a cookie_test_80 cookie.
