From: Boris Z. <bz...@2b...> - 2004-07-07 16:48:49
|
Hi, Am Mittwoch 07 Juli 2004 18:03 schrieb Shimon Rura: > Hi, > > I've been running my site on Apache 2.0 + pagekit 2.14_06 for a few weeks > and find that it is much faster than my old apache 1.2 configuration. > However some users have complained that when they login with > pkit_remember=1, they are subsequently logged out after some time passes. > If they do not select that parameter, they can stay logged in for the > duration of their browser session. > > I couldn't replicate this on my development server (running apache 1.2). I > also had no problem using my own account on the 2.0 production server, > where my remembered cookie had kept me logged in for months. Testing on a > clean browser with the 2.0 server, I did experience the problem. > > Inspecting the cookies, I found that the ones issued from a 2.0 server were > set to expire 5 minutes after their issue, while the 1.2-originated cookies > would expire after 10 years. This seems to only affect permanent cookies > issued with pkit_remember set to true from the login form. > > Has the handling of pkit_remember-ed cookie changed between pagekit 1 and > 2? Could a default that is was relying upon in mod_perl have changed? > Ideas? > The handling have not changed between A::P 1 and A::P 2. But there was a error in every version of libapreq2 that discards the coockies 1000 times to early. Perhaps that is the error. You can try this package, where the error is not present: http://eg.2bz.de/httpd-apreq-2-19042004.tar.gz or in the new developer release it is also fixed. http://search.cpan.org/CPAN/authors/id/J/JO/JOESUF/libapreq2-2.03_04-dev.tar.gz any other version do not handle the cockies correct. > thanks, > shimon. > -- Boris |