| Summary: | authentication in popup window sending back cookie | | |
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | David Morel <david.morel> |
| Component: | kcookiejar | Assignee: | Unassigned bugs mailing-list <unassigned-bugs> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | normal | | |
| Priority: | NOR | | |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | unspecified | | |
| OS: | Other | | |
| Latest Commit: | | Version Fixed In: | |

Description
David Morel
2001-12-13 11:52:38 UTC
On Thursday 13 December 2001 03:52 am David Morel wrote:
> Package: kcookiejar
>
> login w/ cookie problem
>
> in index.php I open a popup for authentication with a
> href="window.open..." in this popup is loaded login.php in which I have a
> form sending user+pass back to itself. 2 cookies are then sent on successful
> login (user_name and id_hash).
>
> But they are properly received only if I open login.php in the main window:
> If I login through the child window (which is nicer in my opinion) the
> cookies never make it. If I type "login.php" in the main window and
> proceed the cookies are accepted.
>
> example : www.hepik.org
> apache l/p : fnac/comitepartdieu
> then on index.php click on 'S'identifier' in the left menu
> popup appears. type l/p : abcdef/abcdef
> cookies are sent but not taken into account.
> now try loading login.php in main window l/p:abcdef/abcdef
> once sent reload index.php u can see left menu has changed and cookies
> are accepted.

This is intended behaviour. Since your cookies don't specify an expire date they are only valid for the lifetime of the session. The session ends when you close the window in which the cookies were issued.

Does your page work with other webbrowsers?

Cheers
Waldo

|> On Thursday 13 December 2001 03:52 am David Morel wrote:
|> > Package: kcookiejar
|> >
|> > login w/ cookie problem
|> >
|> > in index.php I open a popup for authentication with a
|> > href="window.open..." in this popup is loaded login.php in which I have
|> > a form sending user+pass back to itself. 2 cookies are then sent on
|> > successful login (user_name and id_hash).
|> >
|> > But they are properly received only if I open login.php in the main
|> > window: If I login through the child window (which is nicer in my
|> > opinion) the cookies never make it. If I type "login.php" in the main
|> > window and proceed the cookies are accepted.
|> >
|> > example : www.hepik.org
|> > apache l/p : fnac/comitepartdieu
|> > then on index.php click on 'S'identifier' in the left menu
|> > popup appears. type l/p : abcdef/abcdef
|> > cookies are sent but not taken into account.
|> > now try loading login.php in main window l/p:abcdef/abcdef
|> > once sent reload index.php u can see left menu has changed and cookies
|> > are accepted.
|>
|> This is intended behaviour. Since your cookies don't specify an expire
|> date they are only valid for the lifetime of the session. The session ends
|> when you close the window in which the cookies were issued.
|>
|> Does your page work with other webbrowsers?
|>
|> Cheers

Yes it does (mozilla 0.9.5 ie6).

I understood the behaviour after sending the e-mail: if I refresh the main window while keeping the child window open it works ok, but if I close the child window it doesn't.

Problem is a cookie isn't supposed to be valid for a session/window but for all windows pointing to the domain during a session, right? The other navigators understand the word 'session' as 'until the browser app is closed', which might be much less secure, I get your point.

Wouldn't it be a nice idea to have the cookie destroyed only when all windows using it would be closed? It would make it more usable AND very secure in my opinion: I don't like specifying a lifetime (lifetime=0 == better security in my opinion ...provided the browser app is closed...)

congrats for kde as a whole!

--
David Morel
____________________________________
Attention! New address: david.morel@amakuru.net

I'm having the same problem: when a popup closes, the cookie that is being used to track my session is removed.
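
Added example, not part of the bug report and not kcookiejar code: a small model of the three lifetimes this thread discusses for a cookie sent without an expiry date, replayed against the reported popup login sequence. The class, the policy names, the `site.example` domain and the cookie values are constructed for illustration; only the cookie names `user_name` and `id_hash` come from the report.

```python
class SessionJar:
    """Toy cookie jar for session cookies (no expiry date) under one policy."""
    POLICIES = ("issuing_window", "last_window", "browser_exit")

    def __init__(self, policy):
        if policy not in self.POLICIES:
            raise ValueError(policy)
        self.policy = policy
        self.windows = {}   # window id -> domain it is showing
        self.cookies = {}   # (domain, name) -> (value, issuing window id)

    def open_window(self, win, domain):
        self.windows[win] = domain

    def set_cookie(self, win, name, value):
        self.cookies[(self.windows[win], name)] = (value, win)

    def cookies_for(self, win):
        domain = self.windows[win]
        return {n: v for (d, n), (v, _) in self.cookies.items() if d == domain}

    def close_window(self, win):
        domain = self.windows.pop(win)
        if self.policy == "issuing_window":
            # As described in Waldo's reply: the cookie dies with the
            # window in which it was issued.
            doomed = [k for k, (_, w) in self.cookies.items() if w == win]
        elif self.policy == "last_window":
            # David's proposal: drop it only once no open window still
            # points at the domain.
            still_used = domain in self.windows.values()
            doomed = [] if still_used else [k for k in self.cookies if k[0] == domain]
        else:
            # "Until the browser app is closed": nothing is dropped here.
            doomed = []
        for key in doomed:
            del self.cookies[key]


def replay_report(policy):
    """Log in through the popup, close it, reload the main window, close it."""
    jar = SessionJar(policy)
    jar.open_window("main", "site.example")
    jar.open_window("popup", "site.example")
    jar.set_cookie("popup", "user_name", "abcdef")           # constructed value
    jar.set_cookie("popup", "id_hash", "constructed-hash")   # constructed value
    seen_while_popup_open = bool(jar.cookies_for("main"))
    jar.close_window("popup")
    seen_after_popup_closed = bool(jar.cookies_for("main"))
    jar.close_window("main")
    # Third value: cookies still held after every window is closed.
    return seen_while_popup_open, seen_after_popup_closed, len(jar.cookies)
```

The third return value is the security-relevant difference: under `browser_exit` the session cookies remain in the jar after every window on the site has been closed, while the other two policies leave none behind.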