Project

General

Profile

Bug #7355

Remove $_COOKIE['TestCookie']

Added by Julio Montoya almost 5 years ago. Updated almost 5 years ago.

Status:
Bug resolved
Priority:
Low
Assignee:
Category:
Global / Others / Misc
Target version:
Start date:
27/10/2014
Due date:
% Done:

100%

Estimated time:
Spent time:
Complexity:
Normal
SCRUM pts - complexity:
?

Description

This cookie sometimes blocks access to the user.
I suggest to remove this part of code.

History

#2

Updated by Yannick Warnier almost 5 years ago

Also related to (private) task https://task.beeznest.com/issues/8883

#3

Updated by Yannick Warnier almost 5 years ago

The code is located in /index.php and /main/inc/lib/main_api.lib.php (~lines 3243) in api_not_allowed().

The cookie is normally set for one full year, but I also think it is not working correctly sometimes.

The issue is that, if we remove it, we will have no way of alerting the user that he is using a system without cookies. Isn't there a way to test if the browser accepts cookie just from the headers we receive in the initial request? Apparently not...

We have to test what happens if this code is not present and the browser does not accept cookies.

#4

Updated by Yannick Warnier almost 5 years ago

One nice way to do it would be to add a mini-cookie straight away (when loading the login page) and, if not set while receiving login/password information, tell the user so in the login box.

#6

Updated by Yannick Warnier almost 5 years ago

  • Priority changed from Normal to Low
#7

Updated by Noa Orizales Iglesias almost 5 years ago

I Would suggest to update the priority of this task because it is afecting a lot of users and they can´t make a thing sto recover their access to their portals. So I suggest to make this task urgent.

#8

Updated by Yannick Warnier almost 5 years ago

  • Category set to Global / Others / Misc
  • Status changed from New to Assigned
  • Assignee set to Julio Montoya

I agree. I've received reports from another big user too. I haven't been able to analyse what has been done and whether it has already been fixed in the latest code, but I think it's safe to say it broke more than it fixed when the first change was applied.

#9

Updated by Julio Montoya almost 5 years ago

  • Status changed from Assigned to Needs more info
  • Assignee changed from Julio Montoya to Yannick Warnier

Can I remove it? I think that is not needed in any critical tool. The cookies are used in jcapture, facebook external login, lib CAS. I did a fast search.

#10

Updated by Yannick Warnier almost 5 years ago

  • Status changed from Needs more info to Assigned
  • Assignee changed from Yannick Warnier to Julio Montoya

Yes, please do. I believe Juan Carlos Raña introduced them a long time ago. We should anyway transform the way we try these to comply with the new European legislation (we need to make one of these Flash messages or so), but this is another story.

If left as it is now, this is going to end in a community support disaster.

#12

Updated by Yannick Warnier almost 5 years ago

  • Status changed from Assigned to Bug resolved
  • Assignee changed from Yannick Warnier to Julio Montoya
  • % Done changed from 0 to 100

OK. I'm closing it for now. Will reopen if anything strange is reported around that.

Also available in: Atom PDF