You are here: Foswiki>Tasks Web>Item4782 (17 Mar 2012, SvenDowideit)Edit Attach

Item4782: Checking "Remember me on this computer" in login screen fails to remember me

pencil
Priority: Normal
Current State: Closed
Released In: n/a
Target Release:
Applies To: Engine
Component:
Branches:
Reported By: Foswiki:Main.ArthurClemens
Waiting For:
Last Change By: SvenDowideit
happens on:
  • Mac Firefox
  • Mac Safari (3.0.3)
  • Windows Firefox
I cannot pinpoint it yet to one cause.

But overall it looks like the "remember" setting is not carried through:
  • when I close the browser and open it again, I am not remembered at all
  • perhaps this is because the "remember" setting is stored in a session cookie, so it is not stored permanently
-- TWiki:Main.ArthurClemens - 08 Oct 2007

It is not the browser which saves the cookie, it is TWiki. All the browser does exchange with TWiki is the session id, which serves as a key to the file name.

I can not reproduce your observation - for me, remembering works with both Firefox on Linux and Epiphany. I can hardly see why the browser could have an effect on what TWiki will write into its session file. Could you describe in some more detail what you actually observe?

BTW: There's a browser setting in Firefox which allows to clear all cookies when "I close Firefox". But that should not prevent login, just "remembering" can't work because the session id (the pointer to the file) is missing.

-- TWiki:Main.HaraldJoerg - 08 Oct 2007

So what does "remember" do when it is working? Where and when are you remembered? And where is that setting (cookie) stored?

-- TWiki:Main.ArthurClemens - 08 Oct 2007

For every request, regardless of the browser, TWiki sends you a cookie with name TWIKISID and the content of a "session id". This session id is just a pointer a file name, the part after working/tmp/cgisess_, which is stored by TWiki on the server side. The client has just "his" part of the file name, and adds this cookie back to every request to the server.

Now if you have Remember set to true, two things happen:
  • The string ,Remember => 1 is added to the contents of the file, and it is rewritten.
  • The cookie you get has now not only a content (the session id), but also a property "expiration date". The browser has the choice to respect that expiration date, in which case it will write it to a file. Or he can ignore it, i.e. keep it in memory only.

If you restart the browser, and it finds the cookie with an expiration date in the future in his files, it will re-send it to TWiki, which in turn will still have the session file. You are recognized.

If the browser has no cookie for the server, you'll have to login afresh.

-- TWiki:Main.HaraldJoerg - 08 Oct 2007

Thanks for the explanation.

I would like some more people to confirm it is working for them.

-- TWiki:Main.ArthurClemens - 08 Oct 2007

Tested both in IE and FF. Works fine as long as you remember to allow cookies and allow them to be remembered. Which is normally default in IE and FF.

I do not see further actions.

-- TWiki:Main.KennethLavrsen - 15 Oct 2007

I and my users are seeing the same behaviour with FF 2 and 3 on Windows XP, TWiki 4.2.0. No problems with IE 6 or 7. With Firebug and its Cookies extension I am seeing the following behaviour:
  • start out on a TWiki page, not logged in, TWIKISID with no expires setting, cgisession file on the server located and opened in notepad++
  • login without setting the remember me option, TWIKISID gets updated but it's still just the same SID, the cgisession file gets updated to recognise me and REMEMBER is 'undef'
  • logout and TWIKISID gets updated but remains the same (as before), cgisession file gets updated to reflect the fact that I've logged out
  • here's the 'funny bit' - I log back in with the remember me option set, the TWIKISID cookie that's been with me all this time is deleted and a new TWIKISID created, on the server the original cgisession file still exists and has been updated to recognise me as being logged in and REMEMBER is 1, the new cgisession file to match the new cookie is also there and indicates a non-logged in session
  • using the Net tab of Firebug I can see that when the Remember me option is set, the current TWIKISID is not part of the Request Header, but when the Remember me option is not set, the TWIKISID cookie is part of the Request header.

-- TWiki:Main.DavidPatterson - 08 Aug 2008

I ran the above sequence again but with FF set to ask my permission for any cookie related activities - the request every time was "The site wants to modify an existing cookie" until after one of these requests the session cookie gets deleted and the next request is "The site wants to set another cookie" and the new 'empty' session cookie gets set.

I'm running my TWiki server on a virtual machine with access to it through a proxy.

-- TWiki:Main.DavidPatterson - 08 Aug 2008

I have the same problem in TWiki 4.2.4 and FF 3.0.3 on XP. I can see the same TWIKISID cookie problem. Logging in with remember me sets the REMEMBER => 1 in the old cookie, but the response sends a new cookie TWIKISID without the remember flag. So I'm still not logged into TWiki. I both tried it with mod_perl and without mod_perl.

I also turned on the trace in LoginManager and compared what happens.

The IE7 trace log
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Subroutine Benchmark::mytime redefined at /usr/lib/perl5/5.8.8/Benchmark.pm line 459., referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Sessionunknown(c): URL http://test-twiki/bin/login, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Sessionunknown(c): Cookie TWIKIPREF=%7CTwistyContrib_edithelp%3D0%7CTwistyContrib_topicattachmentslist%3D1; TWIKISID=17cf2b1eb2d4a4cddd59466d2b0e37c4, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Opened session, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): session says user is undef, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Session is NOT authenticated, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Session is authenticated, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): converting from guest to ss, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Redirect to /bin/view/PE/WebHome?twiki_redirect_cache=9aa12b67a02e6c833efc0d37dc67a497 with cookie, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] | Count  |  Min   |  Max   | Total      | Method |, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Subroutine Benchmark::mytime redefined at /usr/lib/perl5/5.8.8/Benchmark.pm line 459., referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Sessionunknown(c): URL http://test-twiki/bin/view, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Sessionunknown(c): Cookie TWIKIPREF=%7CTwistyContrib_edithelp%3D0%7CTwistyContrib_topicattachmentslist%3D1; TWIKISID=17cf2b1eb2d4a4cddd59466d2b0e37c4, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Opened session, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): session says user is ss, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Session says user is ss - , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Session is authenticated, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): converting from undef to ss, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:19 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:20 2008] [error] [client 194.49.3.68] Session17cf2b1eb2d4a4cddd59466d2b0e37c4(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:20 2008] [error] [client 194.49.3.68] , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:19:20 2008] [error] [client 194.49.3.68] | Count  |  Min   |  Max   | Total      | Method |, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome

The FF 3.0.3 trace file: The difference to IE7 begins with Sessionunknown and Sessionunknown: No cookie messages below. After that a new session will be created. In FF Firebug I've seen that the cookie is sent to the server, but TWiki server says that there is no cookie.

[Thu Dec 11 10:31:20 2008] [error] [client 194.49.3.68] Subroutine Benchmark::mytime redefined at /usr/lib/perl5/5.8.8/Benchmark.pm line 459., referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Sessionunknown(c): URL http://test-twiki/bin/login, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Sessionunknown(c): Cookie TWIKISID=2e195621e9e6c803e776caeab1d2aa4d, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Opened session, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): session says user is undef, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Session is NOT authenticated, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Session is authenticated, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): converting from guest to ss, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Redirect to /bin/view/PE/WebHome?twiki_redirect_cache=34c31b25ebdc342e8e10da0d6ffd85e5 with cookie, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session2e195621e9e6c803e776caeab1d2aa4d(c): Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] | Count  |  Min   |  Max   | Total      | Method |, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Subroutine Benchmark::mytime redefined at /usr/lib/perl5/5.8.8/Benchmark.pm line 459., referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Sessionunknown: URL http://test-twiki/bin/view, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Sessionunknown: No cookie , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session01618681d966d300a0c7e9773acb51f6: Opened session, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session01618681d966d300a0c7e9773acb51f6: session says user is undef, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session01618681d966d300a0c7e9773acb51f6: Session is NOT authenticated, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session01618681d966d300a0c7e9773acb51f6: Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] Session01618681d966d300a0c7e9773acb51f6: Flushed, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] , referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome
[Thu Dec 11 10:31:21 2008] [error] [client 194.49.3.68] | Count  |  Min   |  Max   | Total      | Method |, referer: http://test-twiki/bin/login/PE/WebHome?origurl=/bin/view/PE/WebHome

-- TWiki:Main.StefanScherer - 11 Dec 2008

I've found out that the cookie is sent calling the login CGI script. But after the redirect to the next view CGI script the cookie is lost and not sent again from the browser. I've seen in Firebug that the cookie expire date looks very strange: cookie->expires("3, 08-Mar-17 18:17:05 GMT"), so Firefox would propably throw away this cookie and not sending it for the next view URL again. I've tested it on 2008-12-11 and not 2008-03-17 (???)

-- TWiki:Main.StefanScherer - 11 Dec 2008

I think I've found the 'bug'. If had the following value in my LocalSite.cfg: $TWiki::cfg{Sessions}{ExpireCookiesAfter} = 26000000; But this seems to be too big for the expire calculation function TWiki::Time::formatTime(). But is it not just possible to use the expiration date "+10d" in cookies as well? So that calculation could be removed.

-- TWiki:Main.StefanScherer - 11 Dec 2008

I don't see this problem in trunk. Still the same, also on Foswiki. Changing the duration of ExpireCookiesAfter did not have any effect on my Mac.

-- ArthurClemens - 14 Dec 2008

I've tested on XP on IE8, FF3 and Chrome, and it works perfectly. Tried on linux too, but as everybody said, it works just fine.

Arthur, can you please show your $Foswiki::cfg{Sessions}{ExpireCookiesAfter} ?

I set mine to 21600 (arbitrary), and I was running the current trunk revision 1528

-- OlivierRaginel - 22 Dec 2008

I have mine at 100000 and it works fine on XP with IE6, IE7 and FF3.

Lowering this one to normal.

It is a special case. Probably a problem with browser keeping cookies.

See http://develop.twiki.org/~twiki4/cgi-bin/view/Bugs/Item4782 for Sopan Shewale's analysis

-- CrawfordCurrie - 04 Mar 2009

I just thought i'd test this (on trunk and 1.1.4), and setting

{Sessions}{ExpireAfter}    =26000000   
{Sessions}{ExpireCookiesAfter} = 26000000

does indeed appear to set it to ~10 months away: Sat, 12-Jan-13 04:24:35 GMT

we have both the 'remember me' UI and $wday, so I think we can close it.

-- SvenDowideit - 17 Mar 2012

ItemTemplate edit

Summary Checking "Remember me on this computer" in login screen fails to remember me
ReportedBy Foswiki:Main.ArthurClemens
Codebase 1.1.4, trunk
SVN Range SVN 1331: Foswiki-0.9.0, Sat, 13 Dec 2008, build 1322
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor
Checkins
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
Release01x01Checkins
Topic revision: r7 - 17 Mar 2012, SvenDowideit
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy