My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 2687: "remember me" not honored
2 people starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by Martin.W...@gmail.com, May 28, 2014
************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.    *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS!  *****
************************************************************

Affected Version:
2.9-rc1, configured to authenticate via LDAP.

What steps will reproduce the problem?
1. Click 'Sign in', enter username and password, click 'Remember me'
2. On the next day, open Gerrit and click on 'Sign in' again.
3. Observe that 

What is the expected output? What do you see instead?
When enabling 'Remember me', I'd expect that I'm not automatically
signed out after a day.
When I'm signed out because of longer inactivity, I'd expect that the 'Remember me' field remembers its previous value.
Jun 2, 2014
#1 Martin.W...@gmail.com
Additionally, when the user selected 'remember me', the username field should be prefilled and the focus should be in the password field so that the next login does not require so many key strokes.

From looking at the code, the 'remember me' field only makes the login cookie persistent, but does not change the expiry time of 12h.

I suggest the following changes:
 * when 'remember me' is enabled, increase the expiry time to 24h.
 * when 'remember me' is enabled, store a second longer-lived cookie (~1 week),
   with the username as value
 * when 'remember me' is disabled then also delete this cookie
 * when this cookie is present, then prefill the username field,
   put the focus to the password field and also enable the 'remember me' field
Jun 2, 2014
Project Member #2 edwin.ke...@gmail.com
The expiry time of the web sessions is defined by the maxAge parameter of the web_sessions cache in the gerrit.config file [1]. 12h is the default expiry time for web sessions. If you want it to be longer, increase it in the gerrit.config file.

[1] https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cache
Jun 2, 2014
#3 Martin.W...@gmail.com
Ah, thanks, I missed that configuration option.

Still I think that the 'remember me' field should do more.
I keep my web browser open for the entire week,
so the change from a per-session to a persistent cookie does not really change anything for me...

What do you think about my other proposals?
Jun 26, 2014
#4 mani.cha...@gmail.com
Hi,
I checked logging in with LDAP auth and "Remember me" box checked in recent master.
After I signed out and tried to login again then the username and password were pre-filled with the last username and password that I logged in.
So, it seems the other proposal are already fulfilled.
Can you please let me know if anything else remains from the above suggestions that you made.
Thanks.
Jun 26, 2014
#5 mani.cha...@gmail.com
I tested initially by starting gerrit site in GWT mode then it is working as expected i.e. remembering the username when Remember me is checked but when I started gerrit site with daemon then it does not remember username even when Remember me is clicked.
PS-No changes were made in code. Gerrit site was started from the latest master.
Jun 26, 2014
#6 Martin.W...@gmail.com
I use gerrit in daemon mode and it does not remember the login name.
I'm either still logged in, or I am presented an empty login field.
Feb 8, 2015
#7 yairogen
Doesn't seem to work in chrome but it does work with firefox and IE. In chrome once session is expired you have to retype use and password.
Sign in to add a comment

Powered by Google Project Hosting