Bugzilla sets expired password cookies

VERIFIED INVALID

Status

()

Bugzilla
Bugzilla-General
P3
normal
VERIFIED INVALID
18 years ago
5 years ago

People

(Reporter: Robin Lionheart, Assigned: justdave)

Tracking

Details

(URL)

(Reporter)

Description

18 years ago
Though the Bugzilla_login and Bugzilla_logincookie cookies are set with an expiry date of 30-Jun-2029, the Bugzilla_password cookie is set with an expiry date of 30-Jun-80.

Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT
Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT
Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT

I suspect this pre-expired cookie is why, though I have set Opera 4.0 beta 4 to accept cookies from Bugzilla, I nevertheless have to log in again and again before every search and transaction.
Correcting component...

Also, this password is expired on purpose.  You notice it's empty, too.  
Bugzilla no longer stores your password in a cookie.  It sets an expired empty 
cookie with that name in order to clear any existing cookies for the password on 
anyones' system that used it back when Bugzilla did put the password in a 
cookie.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Component: Bonsai → Bugzilla
Resolution: --- → INVALID
(Reporter)

Comment 2

17 years ago
I see, it was intentional.
Status: RESOLVED → VERIFIED
moving to Bugzilla product
reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Assignee: tara → justdave
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.