Project

General

Profile

Actions

Feature #1763

closed

Autologin-cookie should be configurable

Added by Mischa The Evil over 16 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
Start date:
2008-08-11
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

Currently the autologin-cookie is generated by ./app/controllers/account_controller.rb. There are currently no configurable settings regarding the autologin-cookie.

These facts currently makes the autologin-functionality unusable when using multiple (seperate) Redmine deployments on one domain under different sub-URI's. It may also interfere with autologin-cookies from other installed apps under the different sub-URI's.

It's possible to hack the account_controller manually in such a way that those properties are getting set for the cookie but than "it" looks like it breaks something, since after such hack the cookie isn't deleted anylonger when the user logs-out. This is possibly caused by the fact that the cookie with such extended properties doesn't match the search-string when the logout-routines are triggered and run (though I'm not sure about that).

I'd propose to make the following properties configurable (or add them) for the autologin-cookie:
  1. key
  2. path
  3. secure

(3) is equal to the request in #982 but I thought it was better to list it here also.

Furthermore issue #540 is related too this issue too, since it mentions the in this issue described behaviour also.


Related issues

Related to Redmine - Feature #7408: Add an application configuration fileClosed2011-01-22

Actions
Related to Redmine - Feature #540: Append suffix to cookie nameClosed

Actions
Related to Redmine - Feature #982: option to set secure flag on session and autologin cookieNew2008-04-03

Actions
Actions

Also available in: Atom PDF