ChiliProject is not maintained anymore. Please be advised that there will be no more updates.
We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.
Need to relogin after each action (Bug #576)
Description
After beeing logged into the project for a couple of days, it occurs that literarly after each klick i am asked to sign in again:
Klick on new issue, fill in the issue, preview is still fine. Trying to save the issue, the login mask comes up. No matter if i login or not, the issue i filled in before is lost!
Up to now 5 users have reproduced this with Iceweasel (Debians version of Firefox), Chromium and Opera.
Workaround is to clear the browser cache, restart the browser.
History
Updated by Tom Rochette at 2011-08-15 09:37 am
Can you specify which version of chiliproject you are using?
Updated by Eric Davis at 2011-08-16 10:23 pm
Are you running a custom theme or do you have any plugins installed? I noticed the same thing on my site which has a custom theme/layout. The problem was my theme wasn't including the csrf_meta_tag so a recent change caused all Ajax actions to log me out (d7a9adf8807).
- Status changed from Open to Needs more information
Updated by Alf Gaida at 2011-08-17 07:05 pm
- Redmine Checkout plugin
- Redmine Assets plugin
- Redmine Time Tracker plugin
- Redmine Wiki Extensions plugin
- Redmine Wiki Issue Details plugin
- Timesheet Plugin
with ruby-enterprise and passenger
Style: Chiliproject without modifications.
Updated by Alf Gaida at 2011-08-23 11:29 am
Sorry, i forgot to mention: This is the installation, where the bug is happen.
A hint could be: Have the same error one time, using chrome and firefox with a lot of issues open. After killing all instances of chrome and firefox everything is fine.
Updated by Felix Schäfer at 2011-08-23 08:59 pm
Alf Gaida wrote:
A hint could be: Have the same error one time, using chrome and firefox with a lot of issues open.
You can't be logged in from different browsers, i.e. once you're logged in in chrome, you're logged out on firefox and vice versa. That's due to the default implementation of sessions in rails (they are completely stored in the cookie, hence not shared across browsers).
Updated by Ferdinand Thommes at 2011-08-28 07:05 am
A user reports: "It happens here periodicaly, mostly when i have multiple instances of the wiki open in firefox and do edits, copy and paste between different wiki pages.It also happens if i jump around different pages in the wiki"
Updated by Felix Schäfer at 2011-08-30 05:52 am
OK, so I think there's different things happening here: first, as I said, in the default configuration, you can't be logged in in multiple browsers at once, that doesn't seem to be the case here though. Second, rails has a mechanism to thwart CSRF attacks by including unique keys to forms, those keys are invalidated after some time though, so if you try to submit a form you've opened say a day ago (the actual timeout is probably shorter), it will error out because of this protection mechanism.
Updated by Felix Schäfer at 2011-11-30 06:50 am
Ferdinand, Alf, is this still something that you can observe and reproduce in the time before the anti-CSRF keys expire?
Updated by Alf Gaida at 2011-11-30 08:33 am
In my case, not really. But i'm not running in that problem often.
In german, because my english is to bad: Ich hatte das Problem nie störend, das kann aber daran liegen, dass ich alle Clientcaches auf ein Minimum gesetzt habe. Ausserdem hatte ich zu dieser Zeit, als das richtig störend war, einige Implementationsfehler in den damals aktuellen Browsern festgestellt. Das scheint behoben zu sein, ist auf jeden Fall für mich nicht mehr zu reproduzieren.
Updated by Eric Davis at 2011-12-01 10:48 pm
- Subject changed from Need to register after each action to Need to relogin after each action
Updated by Luke Carrier at 2013-01-03 11:21 pm
This ticket is over a year old with no follow up in over 12 months, and I believe (I'm not a German speaker, but got a rough gist from G Translate) that Alf Gaida had stated he had been unable to reproduce the issue anyway.
- Status changed from Needs more information to Closed
Updated by Felix Schäfer at 2013-01-04 12:42 am
Luke, thanks for the cleanup!