Closed Bug 58242 Opened 24 years ago Closed 23 years ago

relogin.cgi fails to delete server's copy of the cookie


(Bugzilla :: User Accounts, defect, P3)



Bugzilla 2.16


(Reporter: phee, Assigned: myk)



I found it odd that relogin.cgi didn't clear out someone's entry(ies) from the
"logincookies" table after it logged them out, relying instead on
"confirm_login()" to clear them after they get 30 days old.  A table can fill up
fast that way.  I've solved this by adding these two lines to relogin.cgi just
after the line that says 'require "";':

SendSQL("delete from logincookies where userid=" .

(The url_decode is in there because I found I sometimes had "%40" instead of "@"
in the Bugzilla_login cookie and thus it wouldn't recognize the login...)

Just wanted to share :)
Whiteboard: 2.14
Whiteboard: 2.14 → 2.16
moving to real milestones...
Target Milestone: --- → Bugzilla 2.16
I don't like the suggested patch here because it's possible to log in from more
than one browser at a time, and each one would get a different cookie.  Deleting
all of a user's cookies on the server side when they log out would effectively
log them off on every browser they had open (and every machine if they were
logged in on more than one machine at once - a lot of the developers do this).

However, I do agree that the cookie associated with that given session should be
deleted from the server when you log out.
Summary: Suggested change for relogin.cgi → relogin.cgi fails to delete server's copy of the cookie
Whiteboard: 2.16
-> Bugzilla product
Assignee: tara → myk
Component: Bugzilla → User Accounts
Product: Webtools → Bugzilla
Version: other → unspecified
We are currently trying to wrap up Bugzilla 2.16.  We are now close enough to
release time that anything that wasn't already ranked at P1 isn't going to make
the cut.  Thus this is being retargetted at 2.18.  If you strongly disagree with
this retargetting, please comment, however, be aware that we only have about 2
weeks left to review and test anything at this point, and we intend to devote
this time to the remaining bugs that were designated as release blockers.
Target Milestone: Bugzilla 2.16 → Bugzilla 2.18
The patch on bug 95732 will fix this.
Depends on: 95732
Target Milestone: Bugzilla 2.18 → Bugzilla 2.16
Fixed as part of bug 95732
Closed: 23 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.