Basic auth cookie handling #956

jesmrec · 2017-11-13T11:42:22Z

Steps

By checking the "Security" section of the user in webUI , we can notice something like this:

this is because some of the requests does not include in headers the cookies responsed by the server in previous requests.

Each time the server receives a requests with Authorization header and with no cookies, creates a new session.

Cookies are sent, so only a session is created for each User Agent

Testes with iPhone6Plus v10.0.1
Server 10.0.4

The text was updated successfully, but these errors were encountered:

nasli · 2017-11-16T13:57:22Z

jesmrec · 2017-11-16T14:26:18Z

Working fine in OAuth2

jesmrec · 2017-11-16T14:33:11Z

In basic auth, each time the app is killed and reopened, a new row is created.

nasli · 2017-11-22T09:07:00Z

Handling of cookies has been refactored here #962 and now the cookies also going to be stored before the app will be killed

jesmrec added Bug p3-medium sev2-high labels Nov 13, 2017

jesmrec mentioned this issue Nov 13, 2017

[3.7.0] Release new version #923

Closed

33 tasks

mmattel mentioned this issue Nov 13, 2017

Ability for admins to terminate other user's sessions owncloud/core#29548

Closed

nasli mentioned this issue Nov 16, 2017

Release 3.7.0 #958

Merged

nasli added this to the 3.7.0 milestone Nov 16, 2017

nasli added the Fixed label Nov 16, 2017

jesmrec added approved by QA and removed approved by QA labels Nov 16, 2017

nasli mentioned this issue Nov 21, 2017

Improve handling of cookies #962

Merged

3 tasks

jesmrec added the approved by QA label Nov 27, 2017

jesmrec closed this as completed Nov 27, 2017

nasli reopened this Dec 26, 2017

nasli closed this as completed in #958 Dec 26, 2017

Provide feedback