Cookies problem

Christian Robottom Reis kiko at async.com.br
Fri Nov 21 11:42:22 UTC 2003


On Thu, Nov 20, 2003 at 07:19:58PM +0530, Vijayan.R.A.Reddy wrote:
> > Can you tell me if the user sees the correct ID *before* submitting the
> > bug, or is it wrong from the start (i.e., when he enters his password,
> > his ID is already incorrect)?
> 
> I fear these users dont log off often, so the typical usage scenario is,
> customer opens the browser, types in the URL, then goes on to file a
> bug, so when he says commit, it goes in someone else's name.

Nobody logs off, ever :-)

That would make sense -- they aren't authenticating at all, just
reusing a cookie. But the enter_bug page shows the login name at the
page footer; it would be great to find out if it's already wrong when
they hit the first URL, or only after commit.

One thing I'm interested in knowing is if, when explicitly logging in,
the user is correctly identified as himself in the page footer.

> No, the users dont share machines, nor do they share NT/Windows login
> accounts, they dont use dumb terminals, and they are behind a proxy.

Unless they share machines, it has to be a bizarre instance of wrong
set-cookie being received, or a cached cookie being sent *to* bugzilla
(but a cached header with the correct bug report information has to be
impossible). But they don't seem to be receiving set-cookie lines at
all, since it should only be sent when logging in, and as you said,
they're all already logged in.

> When a single user logged-in (we were monitoring), it generated 3 rows
> in the logincookies table.

3 rows with the same userid?

> >     - the second user is receiving a cached Set-Cookie value.
> >       Specifically where this caching is hapenning is up for grabs, and
> >       I can't really speculate on this.
> 
> Yes, this is what we speculated too.

By the way, you should upgrade, 2.16.4 is out :-)

Take care,
--
Christian Robottom Reis | http://async.com.br/~kiko/ | [+55 16] 261 2331



More information about the developers mailing list