Launchpad itself

feeds destroy your session cookie

Bug #271142 reported by Martin Pool
6
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Edwin Grubbs
Launchpad itself 2.1.10

Bug Description

For the last few days I've found that I keep getting logged out of edge. I can log in again and it works for a while.

This morning when I first used Launchpad at about 9:10 (utc+10) I had to log in, despite using it from this machine last night. Then at about 9:40 I found I was logged off again and had to reauthenticate.

This is a bit annoying not least because Launchpad encourages you to have many tabs open and they all need to be reloaded, and form submissions can be lost.

I'm using Firefox on Intrepid. I'm only using one machine at a time to talk to Launchpad. I don't have any relevant plugins installed; I'm not using a privacy proxy; I have Firefox set to 'keep cookies until they expire.'

I have two cookies set for Launchpad, 'edge' and 'lp' and both are set to expire on Saturday the 12th September 2009.

More details in https://answers.edge.launchpad.net/launchpad/+question/44913

See original description
Revision history for this message
Martin Pool (mbp) wrote :

Someone please help, this is biting me every hour.

description: updated
Revision history for this message
Martin Pool (mbp) wrote :

OK, the problem is tied to using a Launchpad feed as a live bookmark in firefox. Thanks Tim for the hint.

I have http://feeds.edge.launchpad.net/bzr/branches.atom as a live bookmark. Every time firefox reloads it, I get a new edge session cookie. It's 100% reproducible if I manually choose 'reload live bookmark' and automatic polling would probably give the observed behaviour of being logged out about every hour.

Changed in launchpad:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Graham Binns (gmb) wrote :

I'm seeing the same activity, but I'm not loading the feed as a live bookmark. Instead, http://feeds.launchpad.net/~gmb/latest-bugs.atom is being pulled into my blog sidebar. The last time it was pulled was at 03:45 UTC; at 04:00 UTC I found myself having to log in again on edge.

Since the times are only coincidental at the moment I'll experiment with this, see if I can get it to log me out again.

Edwin Grubbs (edwin-grubbs)
Changed in launchpad:
assignee: nobody → edwin-grubbs
status: Confirmed → In Progress
Revision history for this message
Martin Pool (mbp) wrote :

I'm not 100% sure this is correct, but:

I have removed the live bookmark from my desktop, and yesterday it was working ok at keeping its session alive. Now I've started up my laptop, which still has the bookmark, and it seems to have logged out both machines. So it _may_ be that using the feed destroys all your sessions, rather than just giving a new cookie to the user agent reading the feed?

Revision history for this message
Edwin Grubbs (edwin-grubbs) wrote :

Revision 7036.
Cherry picked on Sept 19.

Changed in launchpad:
milestone: none → 2.1.10
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.