Fossil SCM
Issues with logging-in
dbf79085170a1f4…
· opened 16 years, 5 months ago
- Type
- Feature_Request
- Priority
- Immediate
- Severity
- Important
- Resolution
- Fixed
- Subsystem
- —
- Created
- Oct. 13, 2009 6:21 a.m.
The login mechanism used by fossil uses remote IP, which can change very often based on http proxy service provider.
From may work place, I see that I'm logged in for many pages and I'm always logged out for other. This is very consistent and such behavior is seen only with fossil.
This mechanism needs correction.
- Altu
drh added on 2009-10-31 13:30:11:
For security reasons, I want to continue to associate login credentials
with a particular IP address. I have moved this ticket from "code defect"
to "feature request".
Comments (1)
The IP part of the login cookie was removed a few years ago because it leads to spurious logouts, in particular in the forum when one can be logged out in the middle of writing a post (which leads to the post being submitted as the anonymous user). The rise of mobile devices for accessing fossil, and their tendency to get new IPs as they travel across networks, was one factor which led to this change.