On Tue, Jun 25, 2019 at 10:44 AM Mo <burcheri.mass...@gmail.com> wrote:
> Hi, we migrated from Trac 1.2 to 1.2.3. We also switched from webserver > htpasswd to AccountManagerPlugin using htdigest. > Did you remove the handler (Location directive) for /login in your web server configuration? If not, the web server will intercept and route the request. > The reason was I would like to make it possible for people to self > register. > Then before it was not possible for people to set their own password. > As far as I know this all is only possible with the AccountManagerPlugin. > > This all works fine. The admin/accounts/users are empty and I like to make > all register themselve. > > Now I see a weird isse. One user with its browser session is still able to > login. After logout and login he is logged in whithout password. I can't > reproduce this with an empty browser profile. > After he logged in, I see in trac-admin project session list: > > SID:TheUser > Auth:1 > Last Visit:<today> > All the rest is empty. > > After deleting this session the user can still login. There is no entry > about that user in the htdigest file that is configured with htdigest_file. > How can that be? I like all users to re-register, but after testing with > one user it seems that all can login without password. > > Best regards > Please share you [account-manager] section from trac.ini -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscr...@googlegroups.com. To post to this group, send email to trac-users@googlegroups.com. Visit this group at https://groups.google.com/group/trac-users. To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/CA%2BBGpn_JuN1rh%3DNS2xM455PV7Us6ym6Cgk4OVPKZpCKsRtP74A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
