Ticket #1997 (new defect)

Opened 13 months ago

Last modified 13 months ago

CMS sessions not sufficiently persistent

Reported by: smagnusson Owned by: aoneil
Priority: minor Milestone:
Component: CMS - General Version:
Severity: medium effort / impact Keywords:
Cc: Hours:

Description

1. Have Firefox and Safari both quit.
2. Open Firefox, log in to CMS, **TICKING REMEMBER ME**.
3. Close the Firefox browser.
4. Open Firefox, visit CMS (e.g. mysite/admin). It works; i.e. no login asked.
5. Close Firefox.
6. Open Safari, log in to CMS, **TICKING REMEMBER ME**.
7. Close Safari.
8. Open Firefox and visit the CMS as in step #4. It no longer logs you in automatically.

Tested at home on www.silverstripe.com logging in as sigurd

Change History

Changed 13 months ago by sminnee

  • priority changed from medium to minor

This will be because an auto login key is saved to the database/cookie, and there is only room for one per member, and it's updated each time you log in for security.

To fix this, we'd need to have a MemberAutoLoginKeys table, so that we could have multiple keys per user.
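
A sketch of the multi-key table proposed in the comment above, as an added example that is not part of the ticket or of SilverStripe's code. The table and column names, the per-browser `device_id`, and storing only a hash of the key are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3

TABLE = "member_auto_login_keys"  # hypothetical name, after the table proposed above

def open_store():
    """In-memory store: one row per (member, device) instead of one key per member."""
    db = sqlite3.connect(":memory:")
    db.execute(f"""CREATE TABLE {TABLE} (
        member_id INTEGER NOT NULL,
        device_id TEXT NOT NULL,   -- assumed random per-browser id kept in the cookie
        key_hash  TEXT NOT NULL,   -- only a hash is stored (hardening assumption)
        PRIMARY KEY (member_id, device_id))""")
    return db

def _hash(key):
    return hashlib.sha256(key.encode()).hexdigest()

def issue_key(db, member_id, device_id):
    """Login with 'remember me' ticked: replace this device's key only."""
    key = secrets.token_urlsafe(32)
    db.execute(f"INSERT OR REPLACE INTO {TABLE} VALUES (?, ?, ?)",
               (member_id, device_id, _hash(key)))
    return key  # value to place in the browser's cookie

def auto_login(db, member_id, device_id, key):
    """Return a fresh key if the cookie is valid, else None. Other devices are untouched."""
    row = db.execute(
        f"SELECT key_hash FROM {TABLE} WHERE member_id = ? AND device_id = ?",
        (member_id, device_id)).fetchone()
    if row is None or not secrets.compare_digest(row[0], _hash(key)):
        return None
    return issue_key(db, member_id, device_id)  # still rotated on every login

def revoke_all(db, member_id):
    """Drop every remembered browser, e.g. on password change."""
    db.execute(f"DELETE FROM {TABLE} WHERE member_id = ?", (member_id,))

if __name__ == "__main__":
    db = open_store()
    firefox = issue_key(db, 1, "firefox-browser")  # constructed sample ids
    safari = issue_key(db, 1, "safari-browser")
    print("firefox still remembered:", auto_login(db, 1, "firefox-browser", firefox) is not None)
    print("safari still remembered:", auto_login(db, 1, "safari-browser", safari) is not None)
```

Passing the same `device_id` for both browsers reproduces the single-slot behaviour reported in this ticket: the second login overwrites the first browser's key.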

Changed 13 months ago by smagnusson

Just curious... Is this new behaviour with 2.2? It's frustrating.

Changed 13 months ago by sminnee

Yeah I imagine that it was part of Markus' security improvements.
