We have moved to GitHub Issues
You are viewing the read-only archive of Umbraco's issue tracker. To create new issues, please head over to GitHub Issues.
Make sure to read the blog posts announcing the move for more information.
Created by Shannon Deminick 15 Dec 2015, 11:10:09 Updated by Shannon Deminick 05 Jan 2016, 11:35:25
Relates to: U4-7495
when the GetRemainingSeconds middleware renews it's double setting the cookie, see response:
Set-Cookie:UMB_UCONTEXT=123456789; path=/; expires=Tue, 15-Dec-2015 11:34:23 GMT; HttpOnly Set-Cookie:UMB_UCONTEXT=987654321; path=/; expires=Tue, 15-Dec-2015 11:24:23 GMT; HttpOnly
Here's what was happening:
To fix this the standard cookie middleware will ignore all requests for the GetUserSecondsMiddleWare path, therefore this request will never get the ticket renewed by the standard middleware. The GetUserSecondsMiddleWare now uses a separate cookie options instance that only looks for cookies in the path of the GetUserSecondsMiddleWare request. So now anytime the GetUserSecondsMiddleWare, if keepuserloggedin == false, the ticket is never renewed, if keepuserloggedin == true, the ticket will be renewed according to the timeout value in the web.config when it's time for renewal
To test:
umbracoTimeOutInMinutes
to 4 minutes/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds
, verify that there is no Set-Cookie header for most of these requestsumbracoTimeOutInMinutes
NOTE: if you put the umbracoTimeOutInMinutes to something very small like 2 minutes, even with keepUserLoggedIn == true, you'll get logged out because there's a 30 second threshold in JS so 2 minutes isn't long enough to keep the user logged in
Next, test that you get logged out without keepUserLoggedIn
umbracoTimeOutInMinutes
to 4 minutes/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds
, verify that there is no Set-Cookie for any requests, even at the 2 minute markPriority: Normal
Type: Task
State: Fixed
Assignee:
Difficulty:
Category:
Backwards Compatible: True
Fix Submitted:
Affected versions:
Due in version: 7.4.0, 7.3.5
Sprint: Sprint 5
Story Points:
Cycle: