Closed Bug 279716 Opened 20 years ago Closed 19 years ago

Users have to relogin when changing their own password

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.18
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.20

People

(Reporter: alexanderkraus, Assigned: Wurblzap)

Details

Attachments

(1 file)

Patch (2.20 and trunk)
1.29 KB, patch
wicked
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier: 

after changing the own password at the page userprefs.cgi,
the user has to relogin.
If the passwordchange was successful the user gets logged out althoug the code 
in userprefs.cgi shows, that the current logincookie should stay active

Reproducible: Always

Steps to Reproduce:
1.change password
2.go to an other page (for example 'home')
3.the loginpage appears



Expected Results:  
the selected page should be displayed
Version: unspecified → 2.18
I can reproduce. userprefs.cgi says:

 # Invalidate all logins except for the current one
 Bugzilla->logout(LOGOUT_KEEP_CURRENT);

The footer is correctly displayed when the "Account Preferences" page is
updated, but as soon as the user tries to access another page, he is being
logged out, despite of LOGOUT_KEEP_CURRENT.

Wurblzap has a nice explanation about this, so I prefer to let him explain it
here. ;)
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Hardware: PC → All
Assignee: user-accounts → wurblzap
Status: NEW → ASSIGNED

        Attachment #190942 -
        Flags: review?(LpSolit)

    
    

    
  
Comment on attachment 190942 [details] [diff] [review]
Patch (2.20 and trunk)

I'm really not the best reviewer you can find about cookies. Maybe kiko?

        Attachment #190942 -
        Flags: review?(LpSolit) → review?

    
  
Flags: blocking2.22?

    
    

    
  
Does this affect 2.20?
Flags: blocking2.22? → blocking2.22+
Target Milestone: --- → Bugzilla 2.22

    
  
Summary: Changing the own password, you have to relogin → Users have to relogin when changing their own password

    
    

    
  
(In reply to comment #4)
> Does this affect 2.20?

Looks like only 2.16 branch is not affected by this.

    
    

    
  
Comment on attachment 190942 [details] [diff] [review]
Patch (2.20 and trunk)

This patch seems to fix reported problem and works on trunk and 2.20 branch. 2.18 branch needs a backport.

        Attachment #190942 -
        Attachment description: Patch → Patch (2.20 and trunk)

        Attachment #190942 -
        Flags: review? → review+
Flags: blocking2.18.5?
Flags: approval?
Flags: approval2.20?
Target Milestone: Bugzilla 2.22 → Bugzilla 2.20

    
    

    
  
2.18 only accepts security fixes, so no need to backport it.
Flags: blocking2.18.5?
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+

    
    

    
  
Marc is on vacation till the end of the month, IIRC. Doing the checkin myself.

tip:

Checking in Bugzilla/Auth/Login/WWW/CGI.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Login/WWW/CGI.pm,v  <--  CGI.pm
new revision: 1.13; previous revision: 1.12
done

2.20:

Checking in Bugzilla/Auth/Login/WWW/CGI.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Login/WWW/CGI.pm,v  <--  CGI.pm
new revision: 1.12.2.1; previous revision: 1.12
done

Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: