tpac: catalog does not immediately recognize "stay logged in" users

Bug #957375 reported by Kathy Lussier
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
Evergreen | Fix Released | Medium | Unassigned |
2.2 | Fix Released | Undecided | Unassigned |

Bug Description

TPAC offers a "stay logged in" option for users when they are logging in. However, when those users return to the catalog, it doesn't immediately recognize that they are already logged in. The user must first click the "Your Account Log In" button for the catalog to display their account details in the upper right corner and to reset their search library.

Tags: pullrequest
Thomas Berezansky (tsbere) wrote :

TPac fully recognizes logins across sessions, but only on SSL connections for security reasons. Most/all TPac connections currently start as non-SSL connections due to the way people and browsers load pages by default.

Thus, there are only two ways to "solve" this that I can think of:

1 - Force all TPac use to be over SSL, in general
2 - Create a secondary cookie that is visible on non-SSL connections that says "we were logged in" and force SSL usage in that case

I personally recommend #1.
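
Option #2 from the comment above, sketched as an added example (not part of the original comment and not Evergreen's code): the session credential is set with the Secure flag, a second cookie that carries no secret stays visible over plain HTTP, and its only effect is a redirect to HTTPS. The cookie names, lifetime, token set and function names are illustrative assumptions.

```python
from http.cookies import SimpleCookie

# Illustrative names and lifetime; assumptions, not Evergreen's actual values.
SESSION, HINT, WEEK = "session", "logged_in_hint", 7 * 24 * 3600
VALID_TOKENS = {"tok-constructed-123"}   # constructed stand-in for a session store


def _cookie(name, value, max_age, secure):
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = "/"
    c[name]["max-age"] = max_age
    if secure:                      # credential: HTTPS only, hidden from scripts
        c[name]["secure"] = True
        c[name]["httponly"] = True
    return c[name].OutputString()


def login_cookies(token):
    """Set-Cookie values for a "stay logged in" login completed over HTTPS."""
    return [_cookie(SESSION, token, WEEK, secure=True),
            _cookie(HINT, "1", WEEK, secure=False)]   # carries no secret


def handle(scheme, host, path, cookie_header=""):
    """Return (status, headers, user_is_authenticated) for one request."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if scheme == "http":
        # The hint is never treated as authentication; it only triggers an upgrade.
        if HINT in jar:
            return 302, [("Location", f"https://{host}{path}")], False
        return 200, [], False
    token = jar[SESSION].value if SESSION in jar else None
    if token in VALID_TOKENS:
        return 200, [], True
    # Stale hint with no valid session: expire it so plain HTTP stops redirecting.
    headers = [("Set-Cookie", _cookie(HINT, "", 0, secure=False))] if HINT in jar else []
    return 200, headers, False
```

Because the hint cookie is readable and forgeable on an unencrypted connection, the worst a forged copy can do here is cause a redirect to HTTPS, where the Secure session cookie alone decides whether the user is logged in.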

Ben Shum (bshum)
Changed in evergreen:
status: New → Confirmed
importance: Undecided → Medium
Jason Stephenson (jstephenson) wrote :

I am inclined to go with solution #1 as well. SSL by default. SSL everywhere. (And not that cheap, 40-bit junk, either.)

Lebbeous Fogle-Weekley (lebbeous) wrote :

Surely #1 would really hurt busy sites, or those with webserver hardware only marginally adequate to their current load. I must definitely vote for #2.

Lisa Hill (lhill) wrote :

KCLS would also vote for #2 and as of late have been getting a lot of patron complaints about this issue.
Is there anyone willing to code #2 for a fix to this issue?
Thanks

Jeff Godin (jgodin) wrote :

I plan to tackle option #2 above.

Changed in evergreen:
assignee: nobody → Jeff Godin (jgodin)
Jeff Godin (jgodin) wrote :

working code in user/jeff/lp957375_recognize_logged_in_users

looking for testing and signoff

Changed in evergreen:
assignee: Jeff Godin (jgodin) → nobody
tags: added: pullrequest
Jeff Godin (jgodin) wrote :

force pushed due to a minor descriptive error in the original commit message. new commit is d8f602036fd2b24a7e8f2c7fb2f1a520b807f149

this backports cleanly to rel_2_2

Lebbeous Fogle-Weekley (lebbeous) wrote :

Thanks Jeff. This worked well in my testing, and I think it's the kind of thing that people expected to be there all along, so I think it's bugfixy enough for backporting into rel_2_2, which I have done.

Changed in evergreen:
status: Confirmed → Fix Committed
milestone: none → 2.3.0-beta1
Changed in evergreen:
status: Fix Committed → Fix Released