Tags:
create new tag
, view all tags

Question

I'm using client sessions, with {Sessions}{ExpireAfter} set to 21600, but I have to login every browser session. I checked the cookie "TWIKISID" properties and it said it was set to expire with the browser session. I'm using Twiki::Client::TemplateLogin and am having no other authentication-related issues. I have only the default plugins installed and enabled.

Environment

TWiki version: TWikiRelease04x00x04
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux infong224 2.4.28-grsec-20050113a #1 SMP Thu Jan 13 08:59:31 CET 2005 i686 unknown
Web server: Apache 1.3.29
Perl version: 5.6.1
Client OS: MS WinXP SP2
Web Browser: 1.5.0.6
Categories: Hosting, Authentication

-- BryceSchober - 06 Sep 2006

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

ping? Does no one else have this problem? How could I help to debug it?

-- BryceSchober - 09 Oct 2006

I don't think TWiki supports having authentication survive between browser sessions. - Though it is an interesting thought smile

Perhaps raise a discussion in Codev?

-- SteffenPoulsen - 10 Oct 2006

Argh! I figured that was the whole point of using cookies to begin with...

-- BryceSchober - 11 Oct 2006

I just read TWikiUserAuthentication again and it says:

"Once a user is logged on, they are remembered using a "session id" stored in a cookie in the browser (or by other less elegant means if the user has disabled cookies). This avoids them having to log on again and again."

That really leads me to believe that the Twiki session is intended to be preserved over client browser sessions. Is that really not what is intended?

-- BryceSchober - 11 Oct 2006

Really, it's not what was intended. The reason for the cookie is to remember the user between requests to the same server, within a single browser session. It's not rocket science how it does it, though. If you want to switch it so it remembers you between sessions, then edit the relevant parameters to CGI:Cookie->new in the modifyHeader and redirectCgiQuery functions in lib/TWiki/Client.pm. I think all you need to do is specify an expiration date e.g. -expires=>'+1d' to expire in a day hence.

-- CrawfordCurrie - 11 Oct 2006

I've created the feature request RememberCookieLogin to try to get this functionality into the login form.

-- BryceSchober - 12 Oct 2006

This could be done using the attached file http://www.twiki.org/p/pub/Support/AuthCookiesExpireEarly/remember.diff. Copy this file to your twiki directory. Then run patch -Np1 < remember.diff. That will add a "remember me" option to the login form and will keep track of remembered sessions for a year.

-- ChadParry - 05 Dec 2006

Good idea to add the checkbox. I have incorporated the patch for login.pattern.tmpl in SVN.

-- ArthurClemens - 06 Dec 2006

If what is documented is "really not what was intended", I see you have two options: 1) change the documentation, or 2) change the features to fit the documentation. As far as I can tell we still have the worst of both worlds - an feature that does not do what the documentation suggests it does...

-- EricWoods - 30 Jan 2007

Change status to:
Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatdiff remember.diff r1 manage 4.6 K 2006-12-05 - 23:53 ChadParry Possible fix
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r9 - 2007-01-30 - EricWoods
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.