New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login not remembered in Firefox #3472

Closed
shmerl opened this Issue Jul 30, 2012 · 23 comments

Comments

Projects
None yet
7 participants
@shmerl

shmerl commented Jul 30, 2012

I noticed a repeating issue - login is not remembered after browser restart (Firefox 14.0.1 / Linux x86_64). The problem goes away for some time if all related cookies are manually deleted, but it resurfaces later. I didn't test this in any other browsers though, so I'm not sure if it's specific to Firefox or not.

@Raven24

This comment has been minimized.

Member

Raven24 commented Jul 31, 2012

The user authentication process is handled entirely by the 'devise' gem, so I assume this could be an upstream issue...
Gotta see which version we have in the Gemfile and maybe update it.

Please definitely test with other browsers, too, to confirm.
...I haven't experienced this with Firefox so far.

@Yajo

This comment has been minimized.

Yajo commented Aug 12, 2012

In fact the good old 'remember me' box has disappeared. (At least in joindiaspora.com)

@jhass

This comment has been minimized.

Member

jhass commented Oct 16, 2012

So what do we do about this? Any clear reproducers?

@shmerl

This comment has been minimized.

shmerl commented Oct 16, 2012

It's not reproducing for you? For me this bug always persists. Firefox 16.0.1: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0

I think if I delete all Diaspora cookies - it goes a way for some time, but then it comes back.

@jhass

This comment has been minimized.

Member

jhass commented Oct 16, 2012

You're on joindiaspora.com?

@shmerl

This comment has been minimized.

shmerl commented Oct 16, 2012

Yes. Right now I deleted the cookie and autologin works. I'll report later if it starts failing again.

@jhass

This comment has been minimized.

Member

jhass commented Oct 16, 2012

This is either upstream as Florian outlined or for some reason joindiaspora.com occasionally changes it's secret token and invalidates all sessions with that. Either way this is not often reported so… hmmmm

@maxwell

This comment has been minimized.

Member

maxwell commented Oct 16, 2012

no, its because we have two conflicting settings in devise, timeoutable and something else... I fixed this on makr.io

@shmerl

This comment has been minimized.

shmerl commented Oct 16, 2012

The issue is back for me, so it's still reproducible.

@shmerl

This comment has been minimized.

shmerl commented Nov 2, 2012

So is it possible to apply the same fix to Diaspora code, or there is some difference?

@denschub

This comment has been minimized.

Member

denschub commented Nov 2, 2012

Well, @maxwell, it's not really a conflict here.

In config/initializers/devise.rb timeout_in is set to one day in line 92. remember_for in line 80 is commented out. Unsettung timeout_in and setting remember_for should fix this.

@jhass

This comment has been minimized.

Member

jhass commented Nov 11, 2012

Actually that "fix" made the situation worse.

@jhass jhass reopened this Nov 11, 2012

@denschub

This comment has been minimized.

Member

denschub commented Nov 11, 2012

Please define "worse".

@jhass

This comment has been minimized.

Member

jhass commented Nov 11, 2012

Remember me is hidden thus unset thus we only get session life time cookies. I think.

@denschub

This comment has been minimized.

Member

denschub commented Nov 11, 2012

Sad to hear. But actually that's not "worse" because our current session cookies' lifetime on master is a session. Most users just don't run into this issue because they are using Diaspora in a app tab which forced the session lifetime cookie to last forever.

After my patch, the session cookies are still valid for the current session only, but I get another cookie named remember_user_token which is valid for two weeks. And that's how it's used to be.

But! I had a similar issue some days ago in the office, we were using Devise and had the same problem. Sometimes (sorry for being that imprecise but I really have no clue) Devise ignores the rememberable-setting if no rememberme-value was sent in the form. Adding a hidden field helped:

<%= f.hidden_field :remember_me, :value => 1 %>

Would you mind trying that out on your local installation? I'd not push that to the repo if I'm not sure if that's really a issue.

Thanks!

@shmerl

This comment has been minimized.

shmerl commented Nov 11, 2012

Anyhow, may be joindiaspora pod wasn't updated yet, but the issue isn't resolved for me in any way. It doesn't remember anything after the browser is restarted.

@denschub

This comment has been minimized.

Member

denschub commented Nov 11, 2012

Well, this is not even in master. It's in develop and will get merged with 0.0.2.0.

@Raven24

This comment has been minimized.

Member

Raven24 commented Nov 12, 2012

also there is a random "true" (string) output on top of the page everytime the session ends and you are thrown on the login page again ...

@jhass

This comment has been minimized.

Member

jhass commented Nov 12, 2012

That random true string seems to come from devise and maybe us not handling it on our custom login page, adding the hidden remember me however helps against session expiration.

@denschub

This comment has been minimized.

Member

denschub commented Nov 12, 2012

Thanks for your feedback. I'm going to add the hidden field this evening, also I found some stuff we could clean up, will do that tonight, too.

@jaywink

This comment has been minimized.

Contributor

jaywink commented Nov 13, 2012

Hmm not sure if related but my pod updated to 0.0.2pre some days ago and now it keeps throwing me out - almost every time I switch to that tab it wants me to log in :P

@jhass

This comment has been minimized.

Member

jhass commented Nov 13, 2012

it is related ;)

@ghost ghost assigned denschub Nov 14, 2012

@denschub

This comment has been minimized.

Member

denschub commented Nov 14, 2012

Just pushed the stuff I mentioned above. That worked on Geraspora for three days without any user complaining about logouts. Will close this ticket at Sunday if no one complains. :)

@denschub denschub closed this Nov 20, 2012

@denschub denschub removed this from the 0.0.2.0 milestone Jul 20, 2015

@denschub denschub removed their assignment Jul 26, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment