Bug #2291

Fix cookie handling

Added by Kostas Papadimitriou over 9 years ago. Updated over 8 years ago.

Status:Closed Start date:04/03/2012
Priority:Medium Due date:
Assignee:- % Done:

0%

Category:Astakos Spent time: -
Target version:-

Description

Astakos currently uses django session cookie to handle authentication status of profile pages (including get_menu) requests.

All other synnefo components use ASTAKOS_COOKIE_NAME cookie to check for user authenticity.

Astakos should make sure both cookies exist on all requests to avoid user client to reach in invalid state such as being able to display content of pithos/cyclades app with cloudbar showing in "not logged in" state (if astakos cookie is set and session cookie is deleted for some reason).

Associated revisions

Revision 63fa03fe
Added by Sofia Papagiannaki over 9 years ago

get_menu api call checks the ASTAKOS_COOKIE_NAME instead of the sessionid cookie.

Refs: #2291

Revision 63fa03fe
Added by Sofia Papagiannaki over 9 years ago

get_menu api call checks the ASTAKOS_COOKIE_NAME instead of the sessionid cookie.

Refs: #2291

Revision b42b0987
Added by Sofia Papagiannaki over 9 years ago

set session cookie expiration to user auth_token expiration date

Refs: #2291

Revision b42b0987
Added by Sofia Papagiannaki over 9 years ago

set session cookie expiration to user auth_token expiration date

Refs: #2291

Revision 68ed1683
Added by Sofia Papagiannaki over 9 years ago

middleware for the synchronization of the django session and the ASTAKOS_COOKIE

if ASTAKOS_COOKIE is set and the request user is not authenticated (sessionid cookie has expired or deleted), authenticate and login the user

Refs: #2291

Revision 68ed1683
Added by Sofia Papagiannaki over 9 years ago

middleware for the synchronization of the django session and the ASTAKOS_COOKIE

if ASTAKOS_COOKIE is set and the request user is not authenticated (sessionid cookie has expired or deleted), authenticate and login the user

Refs: #2291

History

#1 Updated by Sofia Papagiannaki over 9 years ago

the session cookie should be set to expire when expires the ASTAKOS_COOKIE_NAME

#2 Updated by Vangelis Koukis over 8 years ago

  • Project changed from astakos to Synnefo

#3 Updated by Vangelis Koukis over 8 years ago

  • Category set to Astakos

#4 Updated by Vangelis Koukis over 8 years ago

  • Status changed from New to Closed

Both cookies are set as secure.
Closing ticket.

Also available in: Atom PDF