Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't clear login cookie on requests without cookie #3380

Merged
merged 1 commit into from
Mar 5, 2018
Merged

Don't clear login cookie on requests without cookie #3380

merged 1 commit into from
Mar 5, 2018

Conversation

takluyver
Copy link
Member

Clearing the secure cookie makes sense when it is invalid or expired, but clearing it when it's not sent with a request can unexpectedly log the user out.

I ran into this with misconstructed URLs which didn't incorporate base_url. That was itself a bug, but the result of suddenly being unauthenticated makes it harder to track down.

Closes gh-3365 (hopefully)
Possibly also relevant to gh-2396

I'm not sure why this seems to affect Firefox more than Chrome.

@takluyver
Don't clear login cookie on requests without cookie
6197248 
Clearing the secure cookie makes sense when it is invalid or expired,
but clearing it when it's not sent with a request can unexpectedly log
the user out.

I ran into this with misconstructed URLs which didn't incorporate
base_url. That was itself a bug, but the result of suddenly being
unauthenticated makes it harder to track down.

Closes jupytergh-3365 (hopefully)
Possibly also relevant to jupytergh-2396

I'm not sure why this seems to affect Firefox more than Chrome.
@takluyver takluyver added this to the 5.5 milestone Feb 27, 2018
This was referenced Feb 27, 2018
Closed
Open
@takluyver
Copy link
Member Author

One user on #3365 has confirmed that this fixed their issue.

@takluyver
Copy link
Member Author

cc @minrk @gnestor

@gnestor
Copy link
Contributor

gnestor commented Mar 5, 2018

LGTM!

@minrk minrk merged commit f00215b into jupyter:master Mar 5, 2018
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 2, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@gnestor gnestor gnestor approved these changes

Assignees
No one assigned
Labels
status:resolved-locked
Projects
None yet
Milestone
5.5
Development

Successfully merging this pull request may close these issues.

Automatically getting logged out in Firefox
3 participants
@takluyver @gnestor @minrk