Bug #2291
Fix cookie handling
| Status: | Closed | Start date: | 04/03/2012 | |
|---|---|---|---|---|
| Priority: | Medium | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Astakos | Spent time: | - | |
| Target version: | - |
Description
Astakos currently uses django session cookie to handle authentication status of profile pages (including get_menu) requests.
All other synnefo components use ASTAKOS_COOKIE_NAME cookie to check for user authenticity.
Astakos should make sure both cookies exist on all requests to avoid user client to reach in invalid state such as being able to display content of pithos/cyclades app with cloudbar showing in "not logged in" state (if astakos cookie is set and session cookie is deleted for some reason).
Associated revisions
get_menu api call checks the ASTAKOS_COOKIE_NAME instead of the sessionid cookie.
Refs: #2291
get_menu api call checks the ASTAKOS_COOKIE_NAME instead of the sessionid cookie.
Refs: #2291
set session cookie expiration to user auth_token expiration date
Refs: #2291
set session cookie expiration to user auth_token expiration date
Refs: #2291
middleware for the synchronization of the django session and the ASTAKOS_COOKIE
if ASTAKOS_COOKIE is set and the request user is not authenticated (sessionid cookie has expired or deleted), authenticate and login the user
Refs: #2291
middleware for the synchronization of the django session and the ASTAKOS_COOKIE
if ASTAKOS_COOKIE is set and the request user is not authenticated (sessionid cookie has expired or deleted), authenticate and login the user
Refs: #2291
History
#1 Updated by Sofia Papagiannaki about 11 years ago
the session cookie should be set to expire when expires the ASTAKOS_COOKIE_NAME
#2 Updated by Vangelis Koukis over 10 years ago
- Project changed from astakos to Synnefo
#3 Updated by Vangelis Koukis over 10 years ago
- Category set to Astakos
#4 Updated by Vangelis Koukis over 10 years ago
- Status changed from New to Closed
Both cookies are set as secure.
Closing ticket.