public inbox for gnats-prs@sourceware.org
help / color / mirror / Atom feed
* Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies.
@ 2001-06-14 8:24 Yngve Svendsen
0 siblings, 0 replies; 3+ messages in thread
From: Yngve Svendsen @ 2001-06-14 8:24 UTC (permalink / raw)
To: yngves; +Cc: gnats-prs
The following reply was made to PR gnatsweb/201; it has been noted by GNATS.
From: Yngve Svendsen <yngve.svendsen@clustra.com>
To: ayourk@ndak.net,gnats-gnats@sourceware.cygnus.com
Cc:
Subject: Re: gnatsweb/201: GNATS Web forces stored cookies rather than
temp cookies.
Date: Thu, 14 Jun 2001 17:16:04 +0200
At 19:38 01.06.2001 +0000, ayourk@ndak.net wrote:
>GNATSweb forces the user to use permanent/stored cookies.
>It could use temp cookies if the cookies didn't use an expiration
>date/time. A patch is provided below:
Thanks for the patch. We do, however, want to keep using stored cookies
since we want to preserve login data between sessions.
I would, however, like to implement encryption of passwords stored in
cookies. Any input as to how that could best be done would be appreciated.
Yngve Svendsen
Gnatsweb maintainer
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies.
@ 2001-06-17 10:04 Aaron Yourk
0 siblings, 0 replies; 3+ messages in thread
From: Aaron Yourk @ 2001-06-17 10:04 UTC (permalink / raw)
To: yngves; +Cc: gnats-prs
The following reply was made to PR gnatsweb/201; it has been noted by GNATS.
From: "Aaron Yourk" <ayourk@srtnet.com>
To: <gnats-gnats@sourceware.cygnus.com>,
"Yngve Svendsen" <yngve.svendsen@clustra.com>
Cc:
Subject: Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies.
Date: Sun, 17 Jun 2001 11:47:46 -0500
I'm currently working on a way to have a little check box in the web page
for Login so that stored cookies are optioinal.
I think that this fits the bill better. The only thing I can think of that
would be good for the encryption of passwords is to (probably optionally)
provide a method of logging in over a secure connection. I realize that
this implies that the person has to have a secure web server. This is also
something feasible over SSL. There is such a thing as Secure cookies, which
are basically cookies for secure web sites.
----- Original Message -----
From: "Yngve Svendsen" <yngve.svendsen@clustra.com>
To: <ayourk@ndak.net>; <gnats-gnats@sourceware.cygnus.com>
Sent: Thursday, June 14, 2001 10:16 Am
Subject: Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp
cookies.
At 19:38 01.06.2001 +0000, ayourk@ndak.net wrote:
>GNATSweb forces the user to use permanent/stored cookies.
>It could use temp cookies if the cookies didn't use an expiration
>date/time. A patch is provided below:
Thanks for the patch. We do, however, want to keep using stored cookies
since we want to preserve login data between sessions.
I would, however, like to implement encryption of passwords stored in
cookies. Any input as to how that could best be done would be appreciated.
Yngve Svendsen
Gnatsweb maintainer
^ permalink raw reply [flat|nested] 3+ messages in thread
* gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies.
@ 2001-06-01 12:44 ayourk
0 siblings, 0 replies; 3+ messages in thread
From: ayourk @ 2001-06-01 12:44 UTC (permalink / raw)
To: gnats-gnats
>Number: 201
>Category: gnatsweb
>Synopsis: GNATS Web forces stored cookies rather than temp cookies.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: unassigned
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Jun 01 12:44:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: ayourk@ndak.net
>Release: gnatsweb-2.80
>Organization:
>Environment:
Slackware 3.9, Linux kernel 2.0.39. GNATS 3.113.1
>Description:
GNATSweb forces the user to use permanent/stored cookies.
It could use temp cookies if the cookies didn't use an expiration date/time. A patch is provided below:
>How-To-Repeat:
>Fix:
--- gnatsweb.pl Fri Jun 1 14:34:28 2001
+++ gnatsweb.pl.NEW Fri Jun 1 14:33:17 2001
@@ -1825,8 +1825,9 @@
my $query_string = $q->query_string();
my $new_cookie = $q->cookie(-name => "gnatsweb-query-$queryname",
-value => $query_string,
- -path => $global_cookie_path,
- -expires => '+10y');
+ -path => $global_cookie_path);
+# -path => $global_cookie_path,
+# -expires => '+10y');
print $q->header(-cookie => $new_cookie);
# Now print the page.
@@ -1968,8 +1969,9 @@
my $expire_cookie_with_path =
$q->cookie(-name => "gnatsweb-query-$queryname",
-value => 'does not matter',
- -path => $global_cookie_path,
- -expires => '-1d');
+ -path => $global_cookie_path);
+# -path => $global_cookie_path,
+# -expires => '-1d');
my $expire_cookies = $expire_cookie_with_path;
# If we're using a non-empty $global_cookie_path, then we need to
@@ -1980,9 +1982,10 @@
{
my $expire_cookie_no_path =
$q->cookie(-name => "gnatsweb-query-$queryname",
- -value => 'does not matter',
+ -value => 'does not matter');
+# -value => 'does not matter',
# No -path here!
- -expires => '-1d');
+# -expires => '-1d');
$expire_cookies = [ $expire_cookie_with_path, $expire_cookie_no_path ];
}
@@ -3175,8 +3178,9 @@
# done so that the old cookie would not be read.
my $cookie = $q->cookie(-name => 'gnatsweb-global',
-value => \%global_prefs,
- -path => $global_cookie_path,
- -expires => $global_cookie_expires);
+ -path => $global_cookie_path);
+# -path => $global_cookie_path,
+# -expires => $global_cookie_expires);
warn "storing cookie: $cookie\n" if $debug;
return $cookie;
}
@@ -3244,13 +3248,15 @@
my $db = $global_prefs{'database'};
my $db_cookie = $q->cookie(-name => "gnatsweb-db-$db",
-value => \%db_prefs,
- -path => $global_cookie_path,
- -expires => $global_cookie_expires);
+ -path => $global_cookie_path);
+# -path => $global_cookie_path,
+# -expires => $global_cookie_expires);
my $expire_old_cookie = $q->cookie(-name => 'gnatsweb',
-value => 'does not matter',
- -path => $global_cookie_path,
+ -path => $global_cookie_path);
+# -path => $global_cookie_path,
#-path was not used for gnatsweb 2.5 cookies
- -expires => '-1d');
+# -expires => '-1d');
my $url = $q->param('return_url') || $q->url();
# 11/14/99 kenstir: For some reason setting cookies during a redirect
# didn't work; got a 'page contained no data' error from NS 4.7. This
>Release-Note:
>Audit-Trail:
>Unformatted:
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-06-17 10:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-06-14 8:24 gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies Yngve Svendsen
-- strict thread matches above, loose matches on Subject: below --
2001-06-17 10:04 Aaron Yourk
2001-06-01 12:44 ayourk
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).