Defect #16489
closed
Autologin Cookie doesn't differentiate between different Redmine systems within the same browser
0%
Description
When I'm using two different Redmine systems (for example a working system and a testing system) within the same browser (tested with Chrome and IE), the autologin cookie every time automatically registers the two users of each system with the same ID on the databases.
An example: I'm logged in on the working system with my work account. Now I open a new tab, go to the testing system and register myself with a test account.
When I now go back to the working system and refresh the site, I'm no longer logged in with my work account, but with the account of another workmate, who has the same ID on the working system database as the test account on the testing system database.
There is no authentication (password) needed, which means that I am able to log in as each user of the working system, as long as I have a user on my testing system with the same ID.
Updated by Ebrahim Mohammadi over 10 years ago
Aren't you using the same secret token for both of your Redmine instances?
Updated by Toshi MARUYAMA over 10 years ago
- Status changed from New to Needs feedback
Ebrahim Mohammadi wrote:
Aren't you using the same secret token for both of your Redmine instances?
And you can change the path by adding config/additional_environment.rb with the following content.
config.session_store :cookie_store, {
  :key => '_redmine_session',
  :path => '/redmine',
}
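A simplified model of the collision discussed in this thread, added here as an illustration (it is not part of the original issue and not Redmine's or Rails' code): a cookie signed by one instance is accepted by another when both share the secret and the cookie path, and rejected or never sent once either differs. The `Instance` struct, the HMAC cookie format, the helper names and the sample users are assumptions made for the example.

```ruby
require 'openssl'
require 'json'

# Assumed, simplified signed-cookie session: base64(JSON) + "--" + HMAC-SHA256.
Instance = Struct.new(:name, :secret, :cookie_path, :users) do
  def sign(payload)
    data = [JSON.generate(payload)].pack('m0')
    "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, data)}"
  end

  # Returns the login this instance resolves the cookie to, or nil if rejected.
  def current_user(cookie)
    data, mac = cookie.to_s.split('--', 2)
    return nil unless data && mac
    expected = OpenSSL::HMAC.hexdigest('SHA256', secret, data)
    return nil unless secure_equal?(mac, expected)
    users[JSON.parse(data.unpack1('m0'))['user_id']]
  end

  # Constant-time comparison of two MAC strings.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# A browser keys cookies by host, path and name. The port is not part of the
# key, so two instances on one host can receive each other's cookie.
def browser_sends?(cookie_path, request_path)
  request_path == cookie_path ||
    request_path.start_with?(cookie_path.chomp('/') + '/')
end

# Log in on `from`, then request `request_path` on `to` with the same browser.
def cross_instance_login(from, to, user_id, request_path)
  cookie = from.sign('user_id' => user_id)
  return nil unless browser_sends?(from.cookie_path, request_path)
  to.current_user(cookie)
end

# Constructed sample data: id 5 is a different person on each system.
WORK_USERS = { 5 => 'colleague' }.freeze
TEST_USERS = { 5 => 'test-account' }.freeze
```

With a shared secret and path `/`, the work instance resolves the test instance's cookie to its own user with id 5; a per-instance secret or a per-instance cookie path stops that.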
Updated by Go MAEDA about 9 years ago
- Related to Patch #21169: Use config.relative_url_root as the default path for session and autologin cookies added
Updated by Toshi MARUYAMA about 9 years ago
- Status changed from Needs feedback to Closed
- Priority changed from Urgent to Normal
- Resolution set to No feedback
No feedback.