Ticket #1628 (new enhancement)

Opened 9 months ago

Last modified 4 days ago

Identity fails without message when cookies are disabled

Reported by: chrisz Assigned to: anonymous
Priority: normal Milestone: 1.1
Component: TurboGears Version: 1.0.4b3
Severity: normal Keywords: cookies identity login
Cc:

Description

When cookies are disabled in your browser, then Identity lets you log in, but you immediately loose your credentials again. That's confusing for users.

I suggest the following patch that does not let you log in unless cookies are enabled and gives the user a message about this problem in the login dialog.

Alternatively, one could issue flash() message when cookies are disabled. However, this can easily be overwritten by other flash() messages. For instance, the default project sets its own "The application is now running" flash() message so you would never see this error.

Attachments

no_cookie_patch_branch_1_0.patch (5.2 kB) - added by chrisz on 12/22/07 04:55:06.
Patch against 1.0 branch
no_cookie_patch_2_branch_1_0.patch (12.5 kB) - added by chrisz on 12/22/07 04:55:42.
Patch with template unit tests against 1.0 branch

Change History

12/16/07 06:40:26 changed by Chris Arndt

We should set the milestone for this to 1.1, IMHO. We really need to get 1.0.4 out the door soon and this is too big a change for this late time in the release process.

We can always decide afterwards, whether we want to do another 1.0.x bugfix release.

12/16/07 06:59:17 changed by chrisz

It looks a bit bigger than it really is, and I have it already in production. But if you don't feel confident about this, we can move it to 1.0.5/1.1.

By the way, just noticed that another reason why the error has to be appended to the login message instead of flash is that flash also depends on cookies being enabled.

12/16/07 10:12:31 changed by chrisz

I have now simplified the patch and added unit tests to the quickstart template.

12/16/07 14:14:49 changed by chrisz

My unit tests covered only the error case so far. I thought when I'm already at it I should add another unit test to the quickstart template verifying that you can log in and log out with the right credentials.

12/22/07 04:55:06 changed by chrisz

  • attachment no_cookie_patch_branch_1_0.patch added.

Patch against 1.0 branch

12/22/07 04:55:42 changed by chrisz

  • attachment no_cookie_patch_2_branch_1_0.patch added.

Patch with template unit tests against 1.0 branch

01/21/08 08:24:47 changed by Chris Arndt

  • milestone changed from 1.0.4 to 1.1.

08/24/08 10:27:00 changed by faide

  • milestone changed from 1.5 to 1.1.