View Issue Details

IDProjectCategoryView StatusLast Update
0004514OXID eShop (all versions)1.05. Userspublic2015-05-04 15:21
Reporter[email protected] 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.6.0 revision 44406 
Target Version4.6.6 revision 54646Fixed in Version4.6.6 revision 54646 
Summary0004514: Auto Login fails when changing passwords
DescriptionWhen auto-login is enabled, and the password is changed afterwards (by user himself or admin), auto-login fails.
If SSL is enabled, the user is always redirected to the start-page.
Steps To Reproducelogin, while checking the "remember password" checkbox.
check your cookie which holds login information.
change password in user settings
Check cookie again: Password is not updated.
Close/reopen webbrowser
No auto login
when ssl is active user is always redirected to startpage
Additional InformationThe method getUserCookie redirects to start page in ssl when remember me cookie is set.
Login is via cookie is not possible (because password changed).
Further clicks are to non-ssl sites => redirected back to startpage in ssl
User can't login anymore

Possible solution:
In oxuser->loadActiveUser delete the cookie when login is not successfull.
TagsHTTPS
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Relationships

related to 0004692 resolvedaurimas.gladutis auto login always redirects to secure startpage 

Activities

aurimas.gladutis

2012-12-20 09:21

reporter   ~0008181

Fixed. Now cookie is cleared if autologin fails or password is changed. Ssl redirction to wrong page is also fixed.