Feature #1634
Set cookie on invite
| Status: | Closed | Start date: | 11/10/2011 |
|---|---|---|---|
| Priority: | Medium | Due date: | |
| Assignee: | Sofia Papagiannaki | % Done: | 100% |
| Category: | Pithos | Spent time: | - |
| Target version: | - | | |
Description
Now, the "accept invitation" action registers the user and redirects to the ui, where the cookie is set. This has the problem that the token is included in the URL parameters, which is saved in the browser's history. By setting the cookie before going to the ui, we could avoid this practice, which raises security concerns.
Does this make the cookie-setting code in middleware/auth.py obsolete?
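The change requested above, sketched as an added example that is not part of this issue or of the Pithos code base: the "before" redirect carries the token in the URL, the "after" redirect sets the cookie on the response and sends the browser to a clean URL. The function names, the cookie name `auth_token` and the sample hosts are assumptions.

```python
# Added example; all names here are hypothetical, not taken from Pithos.
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urlsplit

COOKIE_NAME = "auth_token"  # assumed cookie name


def redirect_with_token_in_url(target, user, token):
    """'Before': user and token travel in the query string of the Location
    URL, so the browser stores them in its history."""
    sep = "&" if urlsplit(target).query else "?"
    location = target + sep + urlencode({"user": user, "token": token})
    return 302, [("Location", location)]


def redirect_with_cookie(target, request_host, token, max_age=3600):
    """'After': set the cookie on the redirect response itself and keep the
    target URL clean. Only applies when the target is on the same server,
    since a cookie set by this host is not sent to a different one."""
    if urlsplit(target).netloc not in ("", request_host):
        raise ValueError("target is on another server; cookie would not apply")
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    morsel["secure"] = True  # only sent over HTTPS
    # Add HttpOnly only if the UI's scripts never need to read the token.
    return 302, [("Location", target), ("Set-Cookie", morsel.OutputString())]


def leaks_token(headers, token):
    """True if the token appears in the URL the browser will record."""
    return token in dict(headers)["Location"]


if __name__ == "__main__":
    # Constructed sample values.
    for status, headers in (
        redirect_with_token_in_url("https://pithos.example.org/ui", "alice@example.org", "tok123"),
        redirect_with_cookie("https://pithos.example.org/", "pithos.example.org", "tok123"),
    ):
        print(status, headers, "token in URL:", leaks_token(headers, "tok123"))
```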
Associated revisions
Do not pass on user and token if on the same server.
Refs #1634
Do not pass on user and token if on the same server.
Refs #1634
Use the full URI at invitation targets.
Fixes #1634
Use the full URI at invitation targets.
Fixes #1634
History
#1 Updated by Antony Chazapis over 12 years ago
Also set invitation target to host root and not /ui.
#2 Updated by Antony Chazapis over 12 years ago
When finished with the above, it will be easy to get the BASE_URL from the request (remove from settings).
#3 Updated by Antony Chazapis over 12 years ago
- Target version changed from 0.8.1 to 0.7.10
#4 Updated by Sofia Papagiannaki over 12 years ago
Invitation target change and BASE_URL elimination from settings are included in revision a7ae042e845900f5202439862d76be7fbd29ade1.
#5 Updated by Antony Chazapis over 12 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset c9972f0f5075ecea97a3d95d33f41ef8b9c49fd6.
#6 Updated by Vangelis Koukis about 11 years ago
- Project changed from Pithos to Synnefo
- Target version deleted (0.7.10)
#7 Updated by Vangelis Koukis about 11 years ago
- Category set to Pithos