ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Forums » Discuss »

I need to understand session cookies. I cannot seem to autologin anymore.

Added by Patrick Naubert at 2011-09-27 12:41 am

Let's use Chiliproject.org as an example:

When I log into Chiliproject.org without the Remember Me checkmark, the site sets 4 cookies on Firefox:
  1. _chiliproject_session, expires at end of session
  2. __utma, expires 25 september, 2013
  3. __utmb, expires 26 september, 2011
  4. __utmc, expires at end of session
  5. __utmz, expires 27 march, 2012

I don't really known why the __utm<x> ones exist, but I am interested in the _chiliproject_session one anyways. Notice that it expires at the end of the session.

When I log into Chiliproject.org with the Remember Me checkmark, the site sets 5 cookies on Firefox:
  1. A blank-name cookie, expires 26 september, 2012
  2. _chiliproject_session, expires at end of session
  3. __utma, expires 25 september, 2013
  4. __utmb, expires 26 september, 2011
  5. __utmc, expires at end of session
  6. __utmz, expires 27 march, 2012

Now, I imagine that the blank name cookie is the one that is used by the Remember Me functionality. I do not understand why its name is blank (or undefined, I imagine). Also, when I leave my browser, and restart, that blank-name cookie is still there (makes sense) and when I go back to Chiliproject.org, the site still asks me to authenticate. That brings me to believe that chiliproject.org as a site doesn't permit autologin. If this is not the case, then the current site code is broken....

If we really set a blank name for the Remember Me cookie, then I think my Safari 5.1 doesn't set cookies with blank names, and that would explain why I can never autologin even with a 365 days autologin period set in CP prefs.


Replies (1)

RE: I need to understand session cookies. I cannot seem to autologin anymore. - Added by Felix Schäfer at 2011-09-27 06:46 am

Mmh, Chrome does show me 2 cookies for www.chiliproject.org too, though only one by name (_chiliproject_session). This is either a bug on the site configuration or even in ChiliProject, care to open an issue for that?

(1-1/1)