Bug #2883

open

xmera Omnia - Collection #2548: Third-Party module maintenance

Maintenance #2337: Support RM 6.0

Defect (New): Stay logged in option prevents users from logging in on Apache + mod passe...

Added by liaham 2 months ago.

Status: New
Priority: Normal
Assignee: -
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Affected Version:
Compatible Redmine Version: n/a

Description

Subject: Defect #42199 (New): Stay logged in option prevents users from logging in on Apache + mod passe...
From: Karel Pičman
Date: Sat, 01 Feb 2025 08:29:45 GMT

I've just verified on a clear installation of Debian 12 + Apache2 + libapache2-mod-passenger that the option Stay logged in on the login form prevents users from logging in. As long as this check box is checked you can't log in.
This is what I see in the log:
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Started POST "/login" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Processing by AccountController#login as HTML
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3]   Parameters: {"authenticity_token"=>"4UXUTv29KBldIUbhz4MwE926dkb4Xvrvp1X6ujdspLek8oqDvNfdhtxG6KyYvNNbrOGJoCZko_Zx5lBSNyK2-Q", "back_url"=>"/", "username"=>"admin", "password"=>"[FILTERED]", "autologin"=>"1", "login"=>"Login"}
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3]   Current user: anonymous
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Successful authentication for 'admin' from 192.168.4.190 at 2025-02-01 08:21:30 UTC
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Redirected to http://redmine/
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Completed 302 Found in 24ms (ActiveRecord: 13.5ms (14 queries, 0 cached) | GC: 0.0ms)
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Started GET "/" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Processing by WelcomeController#index as HTML
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277]   Current user: anonymous
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Redirected to http://redmine/login?back_url=http%3A%2F%2Fredmine%2F
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Filter chain halted as :check_if_login_required rendered or redirected
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Completed 302 Found in 4ms (ActiveRecord: 0.8ms (3 queries, 0 cached) | GC: 0.0ms)
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Started GET "/login?back_url=http%3A%2F%2Fredmine%2F" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Processing by AccountController#login as HTML
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692]   Parameters: {"back_url"=>"http://redmine/"}
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692]   Current user: anonymous
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692]   Rendered layout layouts/base.html.erb (Duration: 5.3ms | GC: 0.0ms)
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Completed 200 OK in 10ms (Views: 5.7ms | ActiveRecord: 1.1ms (3 queries, 0 cached) | GC: 0.0ms)

In the code it seems that as soon as the autologin info is written into cookies (`cookies[autologin_cookie_name] = cookie_options`), `session[:user_id]` is empty in the following call request.
The problem has appeared in v6.0.0. As soon as I use another server to run Redmine, e.g. Puma, Stay logged in works as expected.

See https://www.redmine.org/issues/42199
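
The symptom in the log above, a `Successful authentication` line followed by `Current user: anonymous` on the next request from the same client, can be searched for mechanically. This is an added example, not part of the original report or of Redmine's code; the name `lost_sessions`, the constructed sample lines, and correlating requests by client IP (which is only approximate behind NAT or a proxy) are assumptions.

```ruby
# Patterns for the Passenger-prefixed Rails log lines shown in the report.
LINE    = /\[(?<rid>[0-9a-f-]+)\]\s+(?<msg>.*)\z/
STARTED = /\AStarted \S+ "(?<path>[^"]*)" for (?<ip>\S+)/
AUTH_OK = /\ASuccessful authentication for '(?<login>[^']*)' from (?<ip>\S+)/
CURRENT = /\ACurrent user: (?<user>.+)\z/

# Returns one finding per login whose next request from the same client IP
# is handled as anonymous, i.e. the session did not survive the redirect.
def lost_sessions(log)
  started  = {} # request id => { ip:, path: }
  pending  = {} # client IP  => { login:, rid: } awaiting the follow-up request
  findings = []
  log.each_line(chomp: true) do |line|
    m = LINE.match(line) or next
    rid, msg = m[:rid], m[:msg]
    if (s = STARTED.match(msg))
      started[rid] = { ip: s[:ip], path: s[:path] }
    elsif (a = AUTH_OK.match(msg))
      pending[a[:ip]] = { login: a[:login], rid: rid }
    elsif (c = CURRENT.match(msg)) && (req = started[rid])
      auth = pending[req[:ip]]
      # Skip the login POST itself: it logs "anonymous" before authenticating.
      next if auth.nil? || auth[:rid] == rid
      pending.delete(req[:ip])
      next unless c[:user] == "anonymous"
      findings << { login: auth[:login], ip: req[:ip], request: rid, path: req[:path] }
    end
  end
  findings
end

# Constructed sample (not from the report): alice loses her session, bob does not.
SAMPLE_LOG = <<~LOG
  App 1 output: [0a01] Started POST "/login" for 192.0.2.10 at 2025-01-01 10:00:00 +0000
  App 1 output: [0a01]   Current user: anonymous
  App 1 output: [0a01] Successful authentication for 'alice' from 192.0.2.10 at 2025-01-01 10:00:00 UTC
  App 1 output: [0a02] Started GET "/" for 192.0.2.10 at 2025-01-01 10:00:00 +0000
  App 1 output: [0a02]   Current user: anonymous
  App 1 output: [0b01] Started POST "/login" for 192.0.2.20 at 2025-01-01 10:00:05 +0000
  App 1 output: [0b01]   Current user: anonymous
  App 1 output: [0b01] Successful authentication for 'bob' from 192.0.2.20 at 2025-01-01 10:00:05 UTC
  App 1 output: [0b02] Started GET "/" for 192.0.2.20 at 2025-01-01 10:00:05 +0000
  App 1 output: [0b02]   Current user: bob (id=5)
LOG

lost_sessions(SAMPLE_LOG).each do |f|
  puts "session lost after login: #{f[:login]} from #{f[:ip]} (request #{f[:request]}, path #{f[:path]})"
end
```

Run against a production log, any finding means an authenticated user was bounced back to the login form, which is the behaviour reported here.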
