Open GoogleCodeExporter opened 8 years ago
The Sinatra release is still very much a beta if not alpha, so no promises
about it being problem-free.
The way it's supposed to work is if you have a 'maximum_session_lifetime'
setting in your config, the auth session cookie will live the length of the
configured lifetime regardless of whether you shut down your browser. If you
don't have a maximum_session_lifetime value, the cookie should get wiped when
you shut down your browser.
Here's the relevant code:
https://github.com/gunark/rubycas-server/blob/master/lib/casserver/server.rb#L373-384
As far as I know this worked fine in the old Camping version, but maybe Sinatra
handles its cookies differently. I'll have to look into it (or better yet,
maybe someone else who has a moment right now could look into it for us).
Original comment by matt.zuk...@gmail.com
on 21 Dec 2010 at 9:10
no probs re release, I'm only playing/learning for now (still new to ruby as
well) and happy to be part of the testing process. i'll start pushing for its
use at work once we get it stable. + thanks to all involved for the sinatra
version, trying to install the previous with the current mix of gem versions
was a nightmare!
coming back to the problem at hand; had a bit of a look and there seems to be
some confusion regarding the maximum_session_lifetime setting. The comments on
the config file state that this setting is serverside processing only and not
related to the client cookie:
https://github.com/gunark/rubycas-server/blob/master/resources/config.example.yml#L562-565
If it isn't specified in the config file, it defaults to 1 month:
https://github.com/gunark/rubycas-server/blob/master/lib/casserver/server.rb#L25
This all works fine if that setting is used for the purpose stated in the
config file but it is, as you stated, getting used for cookie expiry so you
always end up with a persistent cookie:
https://github.com/gunark/rubycas-server/blob/master/lib/casserver/server.rb#L373-384
If there is to be allowance for persistent cookies, it would need its own
setting that defaults to nil. I would be very careful with that though; most
users (of pretty much any software) don't log off properly. You can imagine
what would happen with persistent cookies and internet cafes :O
Maybe have the cookie expiry setting (if it is configured) only apply if the
user checks a 'keep me logged in on this computer' type of option at login?
Original comment by osu...@gmail.com
on 22 Dec 2010 at 7:18
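The split proposed in the comment above, sketched as an added Ruby example; it is not code from this thread or from rubycas-server. The `persistent_cookie_lifetime` setting, the cookie name `tgt`, the function names, the ticket value and the 30-day reading of "1 month" are all assumptions made for illustration.

```ruby
require 'time'

# The thread says the server-side default is 1 month; 30 days is assumed here.
DEFAULT_MAX_SESSION_LIFETIME = 30 * 24 * 60 * 60

# Client side: attributes for the ticket-granting cookie.
# 'persistent_cookie_lifetime' is a hypothetical setting (seconds, default nil).
# Expires is set only when the operator configured it AND the user opted in.
def tgt_cookie_attributes(config, ticket, remember_me:, now: Time.now)
  attrs = { value: ticket, path: '/' }
  lifetime = config['persistent_cookie_lifetime']
  # Without Expires the browser treats this as a session cookie and
  # discards it on shutdown.
  attrs[:expires] = now + lifetime if lifetime && remember_me
  attrs
end

# Server side: a ticket older than maximum_session_lifetime is rejected,
# whatever cookie the browser still presents.
def tgt_valid?(config, issued_at, now: Time.now)
  max = config['maximum_session_lifetime'] || DEFAULT_MAX_SESSION_LIFETIME
  now - issued_at <= max
end

# Render the attributes as a Set-Cookie header value.
def set_cookie_header(name, attrs)
  parts = ["#{name}=#{attrs[:value]}", "Path=#{attrs[:path]}"]
  parts << "Expires=#{attrs[:expires].httpdate}" if attrs[:expires]
  parts.join('; ')
end

# Constructed sample configuration and ticket value.
config = { 'maximum_session_lifetime' => 3600,
           'persistent_cookie_lifetime' => 8 * 3600 }
now = Time.utc(2010, 12, 22, 7, 18, 0)
[false, true].each do |remember|
  attrs = tgt_cookie_attributes(config, 'TGC-constructed',
                                remember_me: remember, now: now)
  puts "remember_me=#{remember}: #{set_cookie_header('tgt', attrs)}"
end
```
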
did some changes to code to make it do what i think it was originally meant to
do:
https://github.com/gunark/rubycas-server/issues#issue/31
btw, noticed the issue tracking there as well; which one should i be using?
also noticed some issues with ticket cleanup, i'll post that (and hopefully do
some work on it with some guidance) once i know where to post
thanks
Original comment by osu...@gmail.com
on 24 Dec 2010 at 8:24
Was there any resolution to this issue?
Original comment by lif...@puppetlabs.com
on 19 Mar 2012 at 6:06
It slipped off my radar. Maybe someone can confirm whether this is still there?
Original comment by matt.zuk...@gmail.com
on 19 Mar 2012 at 6:36
Original issue reported on code.google.com by
osu...@gmail.com
on 21 Dec 2010 at 8:43