Forum OpenACS Q&A: Cookies not staying after I close my browser

1: Cookies not staying after I close my browser

Posted by Gilbert Wong on 10/25/00 07:46 AM

Hi OpenACS Team,

My login cookies don't stay after I close my browser. I can't figure
out what I did wrong. Do you guys have any ideas?

I'm running the latest release of OpenACS. Thanks!

Gilbert

PS. I have some free time. Do you guys need help porting ACS 4.0?

2: Response to Cookies not staying after I close my browser (response to 1)

Posted by Ben Adida on 10/26/00 05:10 AM

Are you using the "remember me" feature? Just
double-checking.

3: Response to Cookies not staying after I close my browser (response to 1)

Posted by Gilbert Wong on 10/26/00 05:19 AM

Ben,

Yes I am. I also have the allow persistent login set in the .ini file in the parameters directory. The behavior is very odd. I was going to do some more investigation but I wanted to make sure that there were no outstanding bugs. I must have configured something incorrectly. If you have any suggestions as to where I should look, please let me know. I'll let you guys know if I find out what is going on. Thanks.

4: Response to Cookies not staying after I close my browser (response to 1)

Posted by Ryan Lee on 10/26/00 06:43 AM

Just sounding off that I've run into the same problem. I've been digging a little in my spare time, but don't have anything useful to add. The behavior occurs with a fresh OpenACS 3.2.4 install and still occurs even with the latest sourceforge /tcl/ad-security.tcl

5: Response to Cookies not staying after I close my browser (response to 1)

Posted by Gilbert Wong on 10/26/00 07:39 AM

If anyone wants to see this behavior, try logging into anime.orchardlabs.com. Then close your browser and return to the site. You shouldn't be able to access /pvt/home without logging in again.

The odd thing is that my development server on my internal network does NOT display this behavior. I'm baffled.

Gilbert

6: Response to Cookies not staying after I close my browser (response to 1)

Posted by Ryan Lee on 10/26/00 07:49 AM

I take it back. It's not from a fresh install. Gilbert, do you have database passwords set to be encrypted? Because I do, and that's the source of the problem. Take out the

if { [ad_parameter EncryptPasswordsInDBP "" 0] } {
    set password [ns_crypt $password [ad_crypt_salt]]
}

block on line 238 of ad-security.tcl. This block is essentially saying "if the passwords are encrypted in the database, then encrypt the hexified password from the cookie (ad_user_login)." The only problem being that the hexified password is already the hexified encrypted password.

So what the session_id setter is trying to do is match the dehexified encrypted hexified encrypted password to the encrypted password from the database. Obviously those two won't be equal, so it assumes you're not logged in and proceeds accordingly.

Hope that wasn't too cryptic. Mine works now :)

7: Response to Cookies not staying after I close my browser (response to 1)

Posted by Ryan Lee on 10/26/00 07:49 AM

Oops, that's line 283, not line 238.

8: Response to Cookies not staying after I close my browser (response to 1)

Posted by Gilbert Wong on 10/26/00 08:12 AM

Ryan,

Thanks. That was the next thing I was going to check :) My dev box doesn't use crypted passwords. I'll make the necessary changes. Thanks!!!

9: Response to Cookies not staying after I close my browser (response to 1)

Posted by Marshall Trammell,III on 10/29/00 01:03 AM

I recently noticed a difference in the way IE5 &
Netscape handle cookies. Netscape does not seem to
require the domain name of the server whereas IE5 does.
But ... on a development machine (localhost) neither
browser seems to care.

I went round & round with this recently.
Be advised though, I'm just learning this stuff.