(*** This bug was imported into bugs.kde.org ***) Package: kcookiejar login w/ cookie problem in index.php i open a popup for authentication with a href="window.open..." in this popup is loaded login.php in which I have a form sending user+pass back to itsef. 2 cookies are then sent on successful login (user_name and id_hash). But they are properly received only if i open login.php in the main window: If i login through the child window (which is nicer in my opinion) the cookies never make it. If i type "login.php" in the main window and proceed the cookies are accepted. example : www.hepik.org apache l/p : fnac/comitepartdieu then on index.php click on 'S'identifier' in the left menu popup appears. type l/p : abcdef/abcdef cookies are sent but not taken into account. now try loading login.php in main window l/p:abcdef/abcdef once sent reload index.php u can see left menu has changed and cookies are accepted. I am using RH7.2 kernel version 2.4.9 KDE 2.2.2 with Qt 2.3.1 -- David Morel ____________________________________ Attention ! nouvelle adresse : david.morel@amakuru.net
On Thursday 13 December 2001 03:52 am David Morel wrote: > Package: kcookiejar > > login w/ cookie problem > > in index.php i open a popup for authentication with a > href=3D"window.open..." in this popup is loaded login.php in which I hav= e a > form sending user+pass back to itsef. 2 cookies are then sent on successf= ul > login (user_name and id_hash). > > But they are properly received only if i open login.php in the main windo= w: > If i login through the child window (which is nicer in my opinion) the > cookies never make it. If i type "login.php" in the main window and > proceed the cookies are accepted. > > example : www.hepik.org > apache l/p : fnac/comitepartdieu > then on index.php click on 'S'identifier' in the left menu > popup appears. type l/p : abcdef/abcdef > cookies are sent but not taken into account. > now try loading login.php in main window l/p:abcdef/abcdef > once sent reload index.php u can see left menu has changed and cookies > are accepted. This is intended behaviour. Since your cookies don't specify an expire date= =20 they are only valid for the lifetime of the session the session ends when= =20 you close the window in which the cookies were issued. Does your page work with other webbrowsers?=20 Cheers Waldo
|> On Thursday 13 December 2001 03:52 am David Morel wrote: |> > Package: kcookiejar |> > |> > login w/ cookie problem |> > |> > in index.php i open a popup for authentication with a |> > href="window.open..." in this popup is loaded login.php in which I have |> > a form sending user+pass back to itsef. 2 cookies are then sent on |> > successful login (user_name and id_hash). |> > |> > But they are properly received only if i open login.php in the main |> > window: If i login through the child window (which is nicer in my |> > opinion) the cookies never make it. If i type "login.php" in the main |> > window and proceed the cookies are accepted. |> > |> > example : www.hepik.org |> > apache l/p : fnac/comitepartdieu |> > then on index.php click on 'S'identifier' in the left menu |> > popup appears. type l/p : abcdef/abcdef |> > cookies are sent but not taken into account. |> > now try loading login.php in main window l/p:abcdef/abcdef |> > once sent reload index.php u can see left menu has changed and cookies |> > are accepted. |> |> This is intended behaviour. Since your cookies don't specify an expire |> date they are only valid for the lifetime of the session the session ends |> when you close the window in which the cookies were issued. |> |> Does your page work with other webbrowsers? |> |> Cheers Yes it does (mozilla 0.9.5 ie6). I understood the behaviour after sending the e-mail : if i refresh the main window while keeping the child window open it works ok. but if i close the child window it doesn't. Problem is a cookie isn't supposed to be valid for a session/window but for all windows pointing to the domain during a session right ? The other navigators understand the word 'session' as 'until the browser app is closed' which might be much less secure i get your point. Wouldn't it be a nice idea to have the cookie destroyed only when all windows using it would be closed ? it would make it more usable AND very secure in my opinion: i don't like specifiing a lifetime (lifetime=0 == better security in my opinion ...provided the browser app is closed...) congrats for kde as a whole ! -- David Morel ____________________________________ Attention ! nouvelle adresse : david.morel@amakuru.net
I'm having the same problem when a popup closes the cookie that is being used to track my session is removed.
Since we are using BR# 64182 to track the problem of session cookies and popup windows, I will mark it as duplicate of that one eventhough this bugs predates it by over a year and a half. *** This bug has been marked as a duplicate of 64182 ***