infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Johnson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-13425) Roller's Remember Me feature is broken
Date Sun, 05 Feb 2017 19:00:43 GMT

    [ https://issues.apache.org/jira/browse/INFRA-13425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15853322#comment-15853322
] 

David Johnson commented on INFRA-13425:
---------------------------------------

Hi [~ipv6guru],

The Remember Me stuff is configured in the Spring Security file security.xml:

https://github.com/apache/roller/blob/master/app/src/main/webapp/WEB-INF/security.xml#L65

Spring docs about remember me are here:

https://docs.spring.io/spring-security/site/docs/3.0.x/reference/remember-me.html

There is also a Roller config property called 'rememberme.enabled' and if it is not enabled,
we programmatically remove remember-me from the Spring config here:

https://github.com/apache/roller/blob/master/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java#L241

If "rememberme.enabled" is true, then the Login page will include the "Remember Me" checkbox,
which posts a special value "_spring_security_remember_me" that will be intercepted by Spring.

https://github.com/apache/roller/blob/master/app/src/main/webapp/WEB-INF/jsps/core/Login.jsp#L92

I haven't confirmed that Remember me works in the stock Roller release, but I do see that
the Remember Me cookie is present in my browser.


> Roller's Remember Me feature is broken
> --------------------------------------
>
>                 Key: INFRA-13425
>                 URL: https://issues.apache.org/jira/browse/INFRA-13425
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Blogs
>            Reporter: David Johnson
>
> Reported by Sally. She gets logged out after about 1 hour of inactivity and then has
to login again.
> This could relate to the recent LDAP enablement of blogs.apache.org and/or it could be
a Roller misconfiguration or bug.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message