[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session But this date should point to two weeks in the future... Seems to be a problem with long expiryTime = System.currentTimeMillis() + (tokenValiditySeconds * 1000);, for some reason your tokenValiditySeconds seems to be zero (or less). This field is also used as maxCookieAge and is actually never ever touched in Jenkins. It is initialized with protected long tokenValiditySeconds = 1209600; // 14 days and thus should not be zero... Anyone else has an idea on this? I cannot tell anything more without extra debugging information, but since I cannot reproduce the error on my system we would need to do this on your system. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Alexander Artemov reopened JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session I still have the same issue in Jenkins 1.502 - every half an hour - hour I am logged off and have to login again. Change By: Alexander Artemov (20/Feb/13 11:30 AM) Resolution: Fixed Status: Resolved Reopened This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Personally, I do not experience this problem in 1.502. What does your RememberMe cookie look like (contents of ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE)? Please have a look at the expiration date, as well. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Alexander Artemov commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session It looks like: YWFydGVtb3Y6MTM2MTQyNzY0NDA0OTpjZjdlYjZmNTI2NjA2ZDg1Mzc5NWEwMDkyMGUzODhmMw== It's expiration date it 6.5 hours earlier than the present time. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Whoops.. Well, the token is looking fine, but the expiration date is not. The system clock of your Jenkins is not coincidentally running behind by two weeks and 6.5 hours, relative to your system time? This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Alexander Artemov commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session No, jenkins runs at the same time as my machine. Jenkins runs on the server which time is the same as on my machine. It's Feb 20, 2013 5:49:00 PM now in Jenkins. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session You should create a new log recorder to have a closer look at the debugging messages concerning the RememberMe cookie. You can do this at Manage Jenkins Logs. Add a new log recorder with any name you like and then add a logger "org.acegisecurity.ui.rememberme" in its configuration, setting the severity in the drop-down list to "FINE". This log recorder should then present you lots of messages around the RememberMe token. Upon a new login with "remember me" set, you should get a log line like this one: "Feb 20, 2013 4:24:31 PM hudson.security.TokenBasedRememberMeServices2 loginSuccess FINE: Added remember-me cookie for user 'millner', expiry: 'Wed Mar 06 16:24:31 CET 2013'" What expiration date is shown there at your Jenkins? This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Alexander Artemov commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Created and the date is ok - Feb 21, 2013 10:54:37 This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Alexander Artemov edited a comment on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Created and the date is ok - Feb 21, 2013 10:54:37 (this is our local time - Russia, Saint-Petersburg) This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Tomas Hellberg commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session For which release will this fix be available? I'm at 1.500 and still have to keep logging in over and over. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session It is queued for 1.501 This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
SCM/JIRA link daemon commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Code changed in jenkins User: Hendrik Millner Path: core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java http://jenkins-ci.org/commit/jenkins/83c95d51bae57fc328e5b1fb080875234a1b0429 Log: FIXED JENKINS-16278 Fixed RememberMe cookie signature generation (bugfix on SECURITY-49) New cookie signature generation was not implemented in creation of RememberMe cookie, but only in its verification. Fixed by new override TokenBasedRememberMeServices2.loginSuccess (cherry picked from commit 91bbae3c35230734fd2cf6926a7ac1239119fc6e) This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
SCM/JIRA link daemon commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Code changed in jenkins User: Olivier Lamy Path: changelog.html http://jenkins-ci.org/commit/jenkins/fa6a84c54506fc25531a039f931870880f6fa182 Log: changelog entry for JENKINS-16278(cherry picked from commit 0b5a4a3550dcff91b1bedeb77415f683b659634b) Conflicts: changelog.html This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
SCM/JIRA link daemon commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Code changed in jenkins User: Hendrik Millner Path: core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java http://jenkins-ci.org/commit/jenkins/91bbae3c35230734fd2cf6926a7ac1239119fc6e Log: FIXED JENKINS-16278 Fixed RememberMe cookie signature generation (bugfix on SECURITY-49) New cookie signature generation was not implemented in creation of RememberMe cookie, but only in its verification. Fixed by new override TokenBasedRememberMeServices2.loginSuccess This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
SCM/JIRA link daemon commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Code changed in jenkins User: Olivier Lamy Path: changelog.html http://jenkins-ci.org/commit/jenkins/0b5a4a3550dcff91b1bedeb77415f683b659634b Log: changelog entry for JENKINS-16278 This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
dogfood commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Integrated in jenkins_main_trunk #2213 FIXED JENKINS-16278 Fixed RememberMe cookie signature generation (bugfix on SECURITY-49) (Revision 91bbae3c35230734fd2cf6926a7ac1239119fc6e) changelog entry for JENKINS-16278 (Revision 0b5a4a3550dcff91b1bedeb77415f683b659634b) Result = SUCCESS hendrik.millner : 91bbae3c35230734fd2cf6926a7ac1239119fc6e Files : core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java Olivier Lamy : 0b5a4a3550dcff91b1bedeb77415f683b659634b Files : changelog.html This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Jesse Glick commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session @pickgr1 it is already on the 1.480.3 backport candidate list. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Jesse Glick resolved JENKINS-16278 as Fixed Remember me on this computer does not work, cookie is not accepted in new session Not sure why this did not already get marked fixed automatically. Change By: Jesse Glick (24/Jan/13 7:22 PM) Status: InProgress Resolved Resolution: Fixed This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Timo Leinonen commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session We are experiencing the same issue, but on the LTS version 1.480.2 This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner started work on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Change By: Hendrik Millner (15/Jan/13 3:40 PM) Status: Open InProgress This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session commit a9aff088 SECURITY-49 introduced a change in signature generation for the remember me token in jenkins/core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java: String expectedTokenSignature = MAC.mac(userDetails.getUsername() + ":" + tokenExpiryTime + ":" + "N/A" + ":" + getKey()); This code is used to VERIFY a cookie sent to Jenkins. The new verification process seems fine, but the change in code is NOT reflected in org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.class . loginSuccess, where remember me cookies are created and sent to the user. Here, the old signature generation is still being used: String signatureValue = DigestUtils.md5Hex(username + ":" + expiryTime + ":" + password + ":" + key); I suggest either @Overriding TokenBasedRememberMeServices.loginSuccess in /jenkins-core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java as well to rely on TokenBasedRememberMeServices2.makeTokenSignature, or revert to the old md5 signature. Any comments? This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner assigned JENKINS-16278 to Hendrik Millner Remember me on this computer does not work, cookie is not accepted in new session Change By: Hendrik Millner (15/Jan/13 8:21 PM) Assignee: HendrikMillner This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Jesse Glick commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session https://github.com/jenkinsci/jenkins/pull/673 This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Martin Scherer commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session would love to see this pull request in the LTS version, as this affected too. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Bao Xiaopan(Bob) commented on JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Same Problem occurred in my side... What's the latest status for this topic?! This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner created JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Issue Type: Bug Affects Versions: current Assignee: Unassigned Components: security Created: 08/Jan/13 12:15 PM Description: As of Jenkins version 1.498 the "Remember me" login cookie is not accepted resulting in a necessary login each time a new Jenkins session is started (loss of session cookie). The versions 1.496 and 1.497 did not show this issue. Environment: Jenkins 1.498 on Debian Squeeze with Java 1.6.0_26 Project: Jenkins Priority: Major Reporter: Hendrik Millner This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-16278) Remember me on this computer does not work, cookie is not accepted in new session
Hendrik Millner updated JENKINS-16278 Remember me on this computer does not work, cookie is not accepted in new session Change By: Hendrik Millner (08/Jan/13 12:29 PM) Description: AsofJenkinsversion1.498theRemembermelogincookieisnotacceptedresultinginanecessarylogineachtimeanewJenkinssessionisstarted(lossofsessioncookie).Theversions1.496and1.497didnotshowthisissue. WeareusingJenkinsbuilt-inuserauthentication This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira