|Summary:||Logs wrong people in|
|Product:||[Community] Bugzilla||Reporter:||Riley H Williams <rhw>|
|Component:||Bugzilla General||Assignee:||David Lawrence <dkl>|
|Status:||CLOSED NOTABUG||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-12-14 15:58:52 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Riley H Williams 1999-11-28 17:46:24 UTC
Bugzilla appears to have a problem connected with logging people in when they post bugs. The situation here probably isn't a common one, and doubtless contributes to the occurrance of this problem, so I will describe it: First, the computers here are located in computing laboratories, with perhaps a dozen computers in each laboratory. These computers are equipped with "Windows NT Workstation 4.0" which I am currently using due to the particular homework I am working on. As is probably common with university computing laboratories, different people get to use each machine at different times, and it is not uncommon for the machines to not get rebooted between users. I have just reported a bug relating to the initscripts package, and I was never asked for a login when doing so. Having posted the bug report, I note that the "Reporter" listed is not me, but "firstname.lastname@example.org" instead. I presume that the owner of that address was the previous user of this particular system to use Bugzilla, and have put him/her in the CC list for this report because of this fact. I do not know whether the system has been rebooted between him/her using this system to use Bugzilla and my doing so, nor do I have any means of finding out whether such is the case as I do not admin these systems. I would suggest that an option be added to the user status record such that users who may be susceptible to this problem can indicate such, and Bugzilla takes extra measures to ensure that the correct user is allocated when this option is set.
Comment 1 David Lawrence 1999-11-29 17:36:59 UTC
Comment 2 Riley H Williams 1999-11-29 18:47:59 UTC
Many thanks. Closed.
Comment 3 Riley H Williams 1999-12-04 15:22:59 UTC
Just a thought, but could the cookies be set to timeout after some reasonable time? I for one would have no problem with a system whereby I was required to log in again if I hadn't used Bugzilla during the last 120 minutes, for example. From an implementation point of view, this should amount to the following: 1. Each cookie specifies a timeout 120 minutes after issue. 2. When a browser presents a cookie that is more than 15 minutes old, we send a replacement cookie with a new timeout. As an example of this, I have just returned after four days without access to the Internet to find that I'm still logged on as far as Bugzilla is concerned. My opinion is that Bugzilla should at worst timeout cookies after 24 hours.
Comment 4 David Lawrence 1999-12-14 15:58:59 UTC
I have talked to people here internally about doing this before with very little positive reactions. Developers here spend alot of time in Bugzilla and have voiced that it is annoying to have to relogin frequently so we set the cookie expiration for a really large number. Until I or someone else in the Bugzilla community figure out a easier way of authentication that implements well with the current Bugzilla way of doing things we will probably have to leave this one as is.