Defect #3371
closedAutologin does not work when using openid
0%
Description
After closing my browser authentification gets lost
http://redmine.bellax.net
ruby 1.8.7 (2008-08-11 patchlevel 72) [x86_64-linux]
rails (2.2.2)
postgres-pr (0.6.1)
PostgreSQL 8.3.7
Files
Updated by Andrew Kouznetsov over 15 years ago
autologin does not work when i am logging in by my openid url
Updated by Jean-Philippe Lang over 15 years ago
- Subject changed from Autologin dows not works to Autologin dows not works when using openid
Updated by Eric Davis about 15 years ago
- Category set to Accounts / authentication
- Resolution set to Cant reproduce
I can't reproduce this on the latest trunk version. Am I testing it correctly?
- Login as admin
- Setup OpenID url
- Logout
- Login as the OpenID url with "Remember Me"
- Enter OpenID authentication at OpenID host
- Logged into Redmine
- Close browser, clearing session cookies
- Start browser
- Visit Redmine
- Am still logged in from the "Remember Me"
Updated by Elias Chistyakov almost 15 years ago
--- app/controllers/account_controller.rb +++ app/controllers/account_controller.rb @@ -150,7 +150,7 @@ class AccountController < ApplicationController def open_id_authenticate(openid_url) - authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url) do |result, identity_url, registration| + authenticate_with_open_id(openid_url, :required => [:nickname, :fullname, :email], :return_to => signin_url(:autologin => params[:autologin])) do |result, identity_url, registration| if result.successful? user = User.find_or_initialize_by_identity_url(identity_url) if user.new_record?
Updated by Andrew Kouznetsov over 14 years ago
My session resets each browser restart.
Here: rm.smix.name is clean redmine installation with a couple of projects.
(sorry I don't want search bots to index it)
Updated by Aron Rotteveel about 14 years ago
I actually have the some problem (using myopenid.com). This has never worked for me.
Updated by Peter Baumgartner about 14 years ago
This is present in 1.0.2. edavis10 had this to say in #redmine,
OpenID doesn't work with autologin because of how it comes back to Redmine. Autologin works with normal sessions.
"cant reproduce" resolution should be removed.
Updated by Aron Rotteveel almost 14 years ago
This issue still exists for me using 1.1.0.stable.4761
Updated by Etienne Massip over 13 years ago
- Category changed from Accounts / authentication to OpenID
Updated by Andrew Dahl about 12 years ago
- File redmine-openid_autologin_fix-DrewDahl-3371.patch redmine-openid_autologin_fix-DrewDahl-3371.patch added
Elias Chistyakov wrote:
[...]
I can confirm this bug still exists in 2.1.4.stable and the quoted patch works. I've attached one that applies to 2.1.4.stable, since that is likely easier for you.
I tested this with Firefox 17.0.1 and IE9.
To reproduce, I followed Eric Davis route similarly:
- Login using OpenID url and register user
- Logout
- Login with the OpenID url, selecting "Auto Login"
- Enter OpenID authentication at OpenID host
- Logged into Redmine
- Close browser, clearing session cookies
- Start browser
- Visit Redmine Homepage (not /login)
- Am no longer logged in (of course, with the patch, I am.)
Also, if it's relevant, I have auto logins setup to stay current for 7 days. (Although, I don't think that should matter.)
Updated by Jean-Philippe Lang almost 12 years ago
- Subject changed from Autologin dows not works when using openid to Autologin does not work when using openid
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 2.3.0
- Resolution set to Fixed
Fixed in r11521.