What steps will reproduce the problem?
1. First time successfull login into Gitblit under valid Redmine account pair (login
2. Close browser and open it again.
3. Successfull login into Gitblit again under valid Redmine login and invalid password
What is the expected output? What do you see instead?
I should be blocked in case of usage invalid Redmine password for valid account.
What version of the product are you using? On what operating system?
CentOS 5 with latest udpates, Gitblit 1.4.0 behind Apache reverse proxy (interconnection
through AJP/13 port tcp/8009), Redmine 1.3.1
Please provide any additional information below.
I'm not sure, but it can be global bug for all external authentication or just for
Reported by shumal.av on 2014-03-18 04:15:29
The text was updated successfully, but these errors were encountered:
I'm seeing a similar issue with LDAP authentication.
Even if I delete the Gitblit and JSESSIONID cookies before trying to log in again,
using an invalid password always lets me back in.
NOTE: Gitblit 1.3.2 does not exhibit this behaviour in my testing. We currently have
1.3.2 in production.