Description

It looks to me that the user settings remember_me is broken in 1.9

From HelpOnSessions: 

Cookie lifetime in hours, can be fractional. First tuple element is for anonymous sessions, second tuple element is for logged-in sessions. For anonymous sessions, t=0 means that they are disabled, t>0 means that many hours. For logged-in sessions, t>0 means that many hours, or forever if user checked 'remember_me', t<0 means -t hours and ignore user 'remember_me' setting - you usually don't want to use t=0, it disables logged-in sessions.

I have checked 'remember_me' in my settings on master19 and I am always logged off after 12h.

Component selection

Details

MoinMoin Version

1.9

OS and Version

Python Version

Server Setup

Server Details

Language you are using the wiki in (set in the browser/UserPreferences)

Workaround

Discussion

user_obj.remember_me is not used in 1.9 

   1 +def _get_session_lifetime(request, userobj):
   2 +    """ Get session lifetime for the user object userobj """
   3 +    lifetime = int(request.cfg.cookie_lifetime[userobj and userobj.valid]) * 3600
   4 +    forever = 10 * 365 * 24 * 3600 # 10 years
   5 +
   6 +    if userobj and not userobj.valid:
   7 +        return abs(lifetime)
   8 +    elif userobj and userobj.valid:
   9 +        if lifetime > 0:
  10 +            if userobj.remember_me:
  11 +                return forever
  12 +            return lifetime
  13 +        return abs(lifetime)
  14 +    return abs(lifetime)
  15 +
  16  class FileSessionService(SessionService):
  17      """
  18      This sample session service stores session information in a temporary
  19 @@ -109,8 +124,7 @@
  20                  logging.debug("after auth: deleting session cookie!")
  21                  request.delete_cookie(self.cookie_name, path=cookie_path, domain=cfg.cookie_domain)
  22 
  23 -        lifetime_h = cfg.cookie_lifetime[userobj and userobj.valid]
  24 -        cookie_lifetime = int(float(lifetime_h) * 3600)
  25 +        cookie_lifetime = _get_session_lifetime(request, userobj)
  26          if cookie_lifetime:
  27              if session.new:
  28                  cookie_expires = time.time() + cookie_lifetime

(!) that patch can be simplified

/!\ while testing that patch I found another session problem. It seems not to be possible to change the cookie lifetime for a logged in user if you set a cookie_lifetime = (1, 12). You get only 1h (that's independent from that patch).

Plan

CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/1.9_remember_me_broken (last edited 2009-04-22 22:29:58 by ReimarBauer)