Redmine - Feature #10840: Allow "Stay logged in" from multiple browsers
https://www.redmine.org/issues/10840?journal_id=38020 | 2012-05-09T09:14:49Z | Terence Mill
<p>+1</p>
https://www.redmine.org/issues/10840?journal_id=38191 | 2012-05-15T16:57:39Z | Brenden Soares
<p>+1 Agreed.</p>
<p>"Stay logged in" is a joke as it is. Keeps making me log in within 5 mins of my last login. Apparently, it's the session cookie policy that needs changing to allow for multiple sessions per user?</p>
https://www.redmine.org/issues/10840?journal_id=38193 | 2012-05-15T17:07:13Z | Etienne Massip
<ul><li><strong>Category</strong> set to <i>Accounts / authentication</i></li></ul>
https://www.redmine.org/issues/10840?journal_id=50245 | 2013-06-26T20:15:36Z | Anonymous
<p>I access Redmine via Firefox, but MS Outlook loads pictures from Redmine via Internet Explorer. So if I log in from Firefox, I can't see pictures in confirmation letters.</p>
https://www.redmine.org/issues/10840?journal_id=64993 | 2015-07-23T11:12:24Z | none provided
<p>Must have for proper mobile usage where you switch 5 times a day between mobile phone, notebook and desktop PC.</p>
https://www.redmine.org/issues/10840?journal_id=67336 | 2015-11-16T13:09:58Z | Gregor Schmidt (schmidt@nach-vorne.eu)
<ul><li><strong>File</strong> <a href="/attachments/14656">0001-Define-token-action-properties-explicitly.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/14656/0001-Define-token-action-properties-explicitly.patch">0001-Define-token-action-properties-explicitly.patch</a> added</li><li><strong>File</strong> <a href="/attachments/14657">0001-10840-allow-stay-logged-in-from-multiple-browsers.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/14657/0001-10840-allow-stay-logged-in-from-multiple-browsers.patch">0001-10840-allow-stay-logged-in-from-multiple-browsers.patch</a> added</li></ul><p>I have added two alternative patches, which implement this feature.</p>
<p>The first one (0001-10840-allow-stay-logged-in-from-multiple-browsers.patch) makes use of the features introduced in <a class="changeset" title="Keep track of valid user sessions (#21058)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/14735">r14735</a>. It allows 10 concurrent autologin tokens per user, updates the tests accordingly and does not change anything else.</p>
<hr />
<p>The second one (0001-Define-token-action-properties-explicitly.patch) refactors the token class.</p>
<p><strong>To ease review</strong>, I kept the original patch series which led to the proposed solution <a href="https://github.com/schmidt/redmine/compare/master...issue/10840-refactoring" class="external">on GitHub</a>.</p>
<p><strong>Motivation:</strong> Token actions within Redmine have a defined lifetime and a maximum number of instances per user. These are defined within the current code base (session - 1 day, 10 instances; autologin - Setting.autologin.days, 1 instance; api - does not expire, 1 instance; ...), but the configuration is not made explicit. Instead it is spread across multiple methods within the Token class. This makes it tedious to change the properties of a certain token action and, more importantly, it makes it difficult to reuse the token class from plugin code, without the need to override Token methods. In the current code base, non-core tokens will always expire after 1 day and there may only be one token per action/user. If a plugin would need a token more similar to the session or api token, it would need to override multiple methods within app/models/token.rb to achieve the desired effect.</p>
<p><strong>Approach</strong>: The refactoring adds an explicit configuration for the different existing token actions, using the properties that are currently in use. It then changes the action-related methods within the Token class to use the configured properties instead of the hard-coded approach used earlier. This way, the list of actions may be extended by plugins, without the need to change core methods.</p>
<p><strong>Changes</strong>: In order to solve this issue, the proposed patch sets the maximum number of instances of the autologin token to 10 - similar to the session tokens.</p>
<p><strong>Fixes</strong>: Previously <code>Token.destroy_expired</code> would delete perfectly valid autologin tokens, when <code>Settings.autologin != "1"</code>. The proposed patch fixes that bug.</p>
https://www.redmine.org/issues/10840?journal_id=67337 | 2015-11-16T13:12:35Z | Gregor Schmidt (schmidt@nach-vorne.eu)
<p>As far as I can tell, <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: keep autologin cookie with several web browsers (Closed)" href="https://www.redmine.org/issues/6120">#6120</a> is a duplicate of this issue.</p>
https://www.redmine.org/issues/10840?journal_id=67589 | 2015-11-30T14:04:49Z | Jan from Planio www.plan.io
<ul><li><strong>Target version</strong> set to <i>Candidate for next major release</i></li></ul><p>As heavy plugin developers, we've run into this a few times already. The proposed patch would be a great improvement for plugins, so I'm (boldly) pushing this for a next major release ;-)</p>
https://www.redmine.org/issues/10840?journal_id=67961 | 2015-12-16T04:13:14Z | Toshi MARUYAMA
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/6120">Feature #6120</a>: keep autologin cookie with several web browsers</i> added</li></ul>
https://www.redmine.org/issues/10840?journal_id=75215 | 2016-12-22T10:56:23Z | Moritz Scholz
<p>+1 <br />The current behavior makes working with both desktop and a mobile device really annoying. I wonder why this does not get more attention.</p>
https://www.redmine.org/issues/10840?journal_id=75588 | 2017-01-03T03:57:01Z | Go MAEDA
<ul><li><strong>Target version</strong> changed from <i>Candidate for next major release</i> to <i>3.4.0</i></li></ul><p>I have tested the patch <a class="attachment" href="https://www.redmine.org/attachments/14657">0001-10840-allow-stay-logged-in-from-multiple-browsers.patch</a>. It works fine as expected. Setting target version to 3.4.0.</p>
<p>Unfortunately, 0001-Define-token-action-properties-explicitly.patch cannot be applied to the current trunk cleanly; I have not tested it yet.</p>
https://www.redmine.org/issues/10840?journal_id=75643 | 2017-01-05T09:10:38Z | Gregor Schmidt (schmidt@nach-vorne.eu)
<ul><li><strong>File</strong> <a href="/attachments/17408">0001-10840-Define-token-action-properties-explicitly.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/17408/0001-10840-Define-token-action-properties-explicitly.patch">0001-10840-Define-token-action-properties-explicitly.patch</a> added</li></ul><p>I have updated the other patch (with the included refactoring) to the current trunk <a class="changeset" title="Wrong activity timezone on user page (#14658). Patch by Go MAEDA." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/16138">r16138</a>. I would be glad if you could take a second look.</p>
<p>The patch series, which led to the proposed changes, is still available <a href="https://github.com/schmidt/redmine/compare/master...issue/10840-refactoring" class="external">on GitHub</a> for easier review, and has been updated as well.</p>
https://www.redmine.org/issues/10840?journal_id=75888 | 2017-01-12T22:21:13Z | Jean-Philippe Lang (jp_lang@yahoo.fr)
<ul><li><strong>Subject</strong> changed from <i>allow "stay logged in" from multiple browsers</i> to <i>Allow "Stay logged in" from multiple browsers</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>The refactoring patch is committed, thanks. Followed by a fix for SQL errors with PostgreSQL (<code>Token.invalid_when_created_before</code> was never returning nil, making <code>next if validity_time.nil?</code> useless).</p>
https://www.redmine.org/issues/10840?journal_id=80905 | 2017-09-01T09:35:54Z | Toshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/26617">Feature #26617</a>: stop Concurrent season </i> added</li></ul>