search

zeruniverse / Password-Manager

An online keepass-like tool to manage password. client-side AES encryption!
Other
170 stars 44 forks source link

Cookie issue: Session timed out #131

Closed Pofilo closed 7 years ago

Pofilo commented 7 years ago

I'm doing some tests on my fork and I have the same issue than in the master branch here.

The problem is that when you connect for the first time on a browser, you are always disconnected with the message:

Session timed out

The problem obviously comes from the cookie ServerRenew. The patch in 034aa86377c6b93928677d2674a07f9823ce72ea f93076703d6d6cfc2c634545897a00b35f647198 doesn't seem to solve it.

When you take a look, 2 cookies named ServerRenew are created:

Does the problem come from that ?

Thanks and have a nice week :)

zeruniverse commented 7 years ago

Check if you have f93076703d6d6cfc2c634545897a00b35f647198

Pofilo commented 7 years ago

Yeah, i juste made a git clone of https://github.com/zeruniverse/Password-Manager so I have it.

Oh, ok I just realize i put the wrong commit in my message, I wanted to say https://github.com/zeruniverse/Password-Manager/commit/f93076703d6d6cfc2c634545897a00b35f647198.

zeruniverse commented 7 years ago

Could you try to set the head to that commit and test it again? I think I tested it after committing f93076703d6d6cfc2c634545897a00b35f647198

Pofilo commented 7 years ago

It was working after https://github.com/zeruniverse/Password-Manager/commit/f93076703d6d6cfc2c634545897a00b35f647198.

Tho, the 2 cookies were already created at this moment.

zeruniverse commented 7 years ago

Could you try to delete those 2 cookies and try again? or you can use private browsing mode.

@BenjaminHae Please check if your commit 034aa86377c6b93928677d2674a07f9823ce72ea -> e65c8a68a7eb10aece393172a54b77a2056413d8 caused the problem. Thanks!

BenjaminHae commented 7 years ago

Found the issue. When the cookie is set by check.php it's bound to the path /rest. So it can't be found by the javascript as this is executed in /.

I'll look into the best way to set it right.

zeruniverse commented 7 years ago

Thanks

On Tue, Mar 7, 2017 at 12:39 AM Benjamin Häublein notifications@github.com wrote:

Found the issue. When the cookie is set by check.php it's bound to the path /rest. So it can't be found by the javascript as this is executed in /.

I'll look into the best way to set it right.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/zeruniverse/Password-Manager/issues/131#issuecomment-284656836, or mute the thread https://github.com/notifications/unsubscribe-auth/AEbvNKSwlfmQrjrkhzxRaT1YUMnHqfz5ks5rjRelgaJpZM4MUvru .