Site won't work if cookies not enabled

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Log in using openid and the provider of the openid will require cookies
enabled.
2. Log in by username and password and it will fail

We need to either operate the site without cookies somehow or detect if
cookies are enabled or not

Original issue reported on code.google.com by terrasea on 23 Sep 2008 at 11:48

[GoogleCodeExporter]

Sorry James, looks like I should have read my emails before fixing this, I hope 
you
werent too attached to doing it yourself.
Anyway session tracking now should work without cookies enabled. In the future 
if
your page should be able to be viewed without a user logged in then put

HttpSession s = request.getSession(false);

otherwise

HttpSession s = request.getSession(true);

up the top of the page and then use the variable s for all session work within 
the
page, thats all there is to it.
-A

Original comment by arlo.pho...@gmail.com on 23 Sep 2008 at 9:23

• Changed state: Fixed

[GoogleCodeExporter]

whoops I got that the wrong way round. If your page should be able to be viewed
without the user logging in then put:
HttpSession s = request.getSession(true);
else
HttpSession s = request.getSession(false);
Sorry for the confusion.

Original comment by arlo.pho...@gmail.com on 23 Sep 2008 at 9:26

[GoogleCodeExporter]

Yes I agree this will fix the issue of users viewing the site without cookies
enabled, but the issue is still there.  The fact is requiring cookies can't be 
got
around unless the user logs in using a username and password.  However OpenId
Providers can't be controlled.  We can't make them authenticate users without 
cookies
enabled.  It is up to them whether they allow this or not.  This makes this a 
issue
that won't go away.  We can't fix it, so we have to do a check to see if 
cookies are
enabled and if they are not display a message saying what the problem with them 
doing
this is.

Original comment by terrasea on 25 Sep 2008 at 1:26

• Changed state: Started
• Added labels: Usability

[GoogleCodeExporter]

The site no longer works (allows a user to login without openid) without cookies
enabled. No messages are displayed. I assume it is something you have done 
James, as
nothing seems to have changed with the index and welcome pages. Did something 
get
changed in the login servlets?

Original comment by arlo.pho...@gmail.com on 29 Sep 2008 at 9:23

[GoogleCodeExporter]

More precisely with cookies disabled:

IE8 Vista login fails, no reason given.
IE7 XP login succeeds, site works.
Firefox 3 Vista login is rejected with a popup error.

Why do we have to limit the user's options when logging in without open id?

Original comment by arlo.pho...@gmail.com on 29 Sep 2008 at 10:01

[GoogleCodeExporter]

Because the way in which the authentication takes place. It never worked without
cookies.  It relies on session.setAttribute() which without cookies will not 
get set,
or if it somehow does will disappear when you load the next page.  On this next 
page,
when you check to see if they are logged in or not, you will get a null 
returned on
the session.getAttribute("signed_in").  That is why cookies must be enabled.

I don't know why IE7 succeeds and why IE8 fails without a error, but Firefox 
has done
what it should do.

I even tried it with lynx a text only browser, and when I rejected the cookie 
the
site wanted me to use, it failed to.

The error message, as I previously stated, for when you have not got cookies 
enabled,
needs to be altered, as I realised after I did it, for it to be displayed needs
cookies to be enabled. I will think of a way around this.  However if the 
browser
works the way it should, then the javascript should prevent them from getting 
that
far anyway.

Original comment by terrasea on 29 Sep 2008 at 10:40

[GoogleCodeExporter]

session.getAttribute works with cookies disabled if you have used the java 
session
API correctly. Instead of using cookies (if they are disabled) it just rewrites 
the
URL to include the session information.

Original comment by arlo.pho...@gmail.com on 29 Sep 2008 at 7:20

[GoogleCodeExporter]

I tested the site without cookies enabled on IE8 and Firefox 3 and all the 
features
worked correctly just after I made the modifications to how we used the 
sessions.

Original comment by arlo.pho...@gmail.com on 29 Sep 2008 at 7:22

[GoogleCodeExporter]

Well I'm looking forward to the changes you made being committed.  Thank you.

Original comment by terrasea on 29 Sep 2008 at 7:42

[GoogleCodeExporter]

Defect fixed by Arlo

Original comment by parul2...@gmail.com on 14 Oct 2008 at 9:14

• Changed state: Fixed
• Added labels: Milestone-Release1.0