#3776 (ok 3.5.6) Login without auth on second server

3.5.5
fixed
None
5
2013-06-11
2013-01-19
No

Tested with FF 18. I have two MySQL servers defined, and the credentials are different from each other. LoginCookieValidity is set to 14400.

Let's say I log in to the first, then choose the second one from the navi panel (for latest git) or from main panel (for 3.5.5) and log in to this one. Then I close all browser windows. Upon opening FF and starting PMA, I have to log in to the first server, but then I choose the second one and bam! I'm logged in.

Discussion

  • Marc Delisle

    Marc Delisle - 2013-01-19

    After reopening the browser, if I delete the cookies before visiting PMA, I'm asked to log in normally for both servers.

     
  • Marc Delisle

    Marc Delisle - 2013-01-19
    • milestone: Latest_Git --> 3.5.5
     
  • Marc Delisle

    Marc Delisle - 2013-01-19
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,3 +1,3 @@
     Tested with FF 18. I have two MySQL servers defined, and the credentials are different from each other. LoginCookieValidity is set to 14400.
    
    -Let's say I log in to the first, then choose the second one from the navi panel and log in to this one. Then I close all browser windows. Upon opening FF and starting PMA, I have to log in to the first server, but then I choose the second one from navi and bam! I'm logged in.
    +Let's say I log in to the first, then choose the second one from the navi panel (for latest git) or from main panel (for 3.5.5) and log in to this one. Then I close all browser windows. Upon opening FF and starting PMA, I have to log in to the first server, but then I choose the second one from navi and bam! I'm logged in.
    
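    Review bot: the end of the + line still reads "choose the second one from navi", while the same line now says the second server is chosen from the main panel on 3.5.5. Drop "from navi" there so the reproduction steps hold for both versions.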
     
  • Marc Delisle

    Marc Delisle - 2013-01-19
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,3 +1,3 @@
     Tested with FF 18. I have two MySQL servers defined, and the credentials are different from each other. LoginCookieValidity is set to 14400.
    
    -Let's say I log in to the first, then choose the second one from the navi panel (for latest git) or from main panel (for 3.5.5) and log in to this one. Then I close all browser windows. Upon opening FF and starting PMA, I have to log in to the first server, but then I choose the second one from navi and bam! I'm logged in.
    +Let's say I log in to the first, then choose the second one from the navi panel (for latest git) or from main panel (for 3.5.5) and log in to this one. Then I close all browser windows. Upon opening FF and starting PMA, I have to log in to the first server, but then I choose the second one and bam! I'm logged in.
    
     
  • Rouslan Placella

    It's not like you're being logged in without a password, the issue is that you are not being logged out properly and your cookies persist between sessions.

    An easier way to reproduce this issue is:

    • Clear all history in browser (including cookies)
    • Go to login screen and select directly the second server
    • Log in
    • Click the logout button
    • You will not be logged out, the page will simply refresh

    Can be reproduced on demo server.

     
  • Marc Delisle

    Marc Delisle - 2013-01-19
    • assigned_to: Marc Delisle
     
  • Marc Delisle

    Marc Delisle - 2013-01-19

    Found a bug in the parameters passed to setCookie() when setting the password cookie, so it does not obey the LoginCookieStore directive.

     
  • Marc Delisle

    Marc Delisle - 2013-01-19

    This patch should fix the bug, but it does not work. Inside setCookie(), although a value of 0 is passed for $validity, it still detects a null.

     
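The symptom reported in the comment above (a 0 passed for $validity still being detected as null) is consistent with how PHP's loose comparison behaves. The sketch below is an added illustration, not phpMyAdmin's code and not the patch discussed in this ticket; the function names, the 30-day default and the timestamp are assumptions.

```php
<?php
// Hypothetical helpers, not phpMyAdmin code. They model a cookie setter whose
// $validity argument means: null = use the default lifetime, 0 = session
// cookie (dropped when the browser closes), N = keep for N seconds.

const DEFAULT_LIFETIME = 2592000; // assumed default: 30 days, in seconds

// Loose check: in PHP, 0 == null is true, so an explicit 0 is replaced
// by the default and the cookie outlives the browser session.
function expiryLoose(?int $validity, int $now): int
{
    if ($validity == null) {
        $validity = DEFAULT_LIFETIME;
    }
    return $validity === 0 ? 0 : $now + $validity;
}

// Strict check: only a missing value falls back to the default.
function expiryStrict(?int $validity, int $now): int
{
    if ($validity === null) {
        $validity = DEFAULT_LIFETIME;
    }
    return $validity === 0 ? 0 : $now + $validity;
}

$now = 1358553600; // constructed timestamp (2013-01-19 00:00:00 UTC)

// Compare both checks for "not given", "session only" and "4 hours".
foreach ([null, 0, 14400] as $validity) {
    printf(
        "validity=%-5s loose=%d strict=%d\n",
        var_export($validity, true),
        expiryLoose($validity, $now),
        expiryStrict($validity, $now)
    );
}
```

An expiry of 0 passed to PHP's setcookie() yields a session cookie, so only the strict variant lets a credential cookie disappear when the browser is closed.
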
  • Rouslan Placella

    The null value that you removed was actually for the $default parameter (the lines are badly indented in that call). Anyway, I guess the problem is elsewhere.

    Did you try to bisect? Logging out used to work fine at some point...

     
  • Marc Delisle

    Marc Delisle - 2013-01-19

    Thanks for noticing the bad indenting.
    Ok, found the real bug, see this new patch.

     
  • Marc Delisle

    Marc Delisle - 2013-01-19
    • summary: Login without auth on second server --> (ok 3.5.6) Login without auth on second server
    • status: open --> open-fixed
    • priority: 5 --> 1
     
  • Rouslan Placella

    As of revision 752083f4d811a92878796adcc7ca33ab94a8658b I can still reproduce the issue using the steps that I have listed above.

     
  • Rouslan Placella

    • status: open-fixed --> open
     
  • Rouslan Placella

    Actually it seems to be a different bug, I will open a separate artifact for it.

     
  • Rouslan Placella

    • status: open --> open-fixed
     
  • Marc Delisle

    Marc Delisle - 2013-01-28
    • Status: open-fixed --> closed-fixed
    • Priority: 1 --> 5
     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-fixed --> fixed
     
