Tags:
create new tag
, view all tags

Bug: Users are asked for old details twice, once on the form and again by http auth

BeijingRelease and AthensRelease did not require valid-user for the TWiki.ChangePassword process. Cairo does. This means users are asked for the same information twice. Many users will not understand that HTTP AUTH is asking for the old details, this leads to confusion.

Test case

  1. Log out of TWiki.org;
  2. go straight to http://twiki.org/cgi-bin/view/TWiki/ChangePassword and change your password.
  3. After you have filled in the form HTTP AUTH will ask you for your old username/password again

Environment

TWiki version: TWikiRelease01Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: all
Web server: all
Perl version: all
Client OS: all
Web Browser: all

-- MartinCleaver - 19 Nov 2004

Follow up

  1. RafaelAlvarez verifies that this problem exhibits itself at TWikiDotOrg
  2. ChrisDevers verifies this at both TWikiDotOrg as well as a separate Twiki install. Further, the problem has only been seen with Safari on OSX; Linux and Windows users at my company have not seen it at all, and the problem goes away for Mac users if they switch to Firefox or another web browser. Omniweb, which uses the same KHTML / Konqueror web engine as Safari, demands the authentication when first visiting a Twiki site, but doesn't keep asking the way Safari does. This is an improvement, but it isn't the behavior that IE users or users of Gecko based browsers are seeing.

Fix record

-- MartinCleaver - 19 Nov 2004

from SafariBrowserIssues#PatternSkinFix

  1. Make sure you have empty.css attached to your PatternSkin topic.
  2. Add the following two lines to "Pattern Skin Settings" section of TWikiPreferences:
      * Set USERLAYOUTURL = %PUBURL%/%TWIKIWEB%/PatternSkin/empty.css
      * Set USERSTYLEURL = %PUBURL%/%TWIKIWEB%/PatternSkin/empty.css

(this isn't really a Safari-specific issue; it's a "bug" in the TWikiDistribution. as there is another release imminent because of security patches, it would be nice to get this rolled in as well...)

-- WillNorris - 19 Nov 2004

hm, maybe i'm not so sure now; i checked twiki's TWikiPreferences and USERLAYOUTURL and USERSTYLEURL are set, so maybe this isn't the problem (although empty.css and the preferences adjustments are missing from the release).

-- WillNorris - 19 Nov 2004

Thanks Will, but I tried applying this to my test install: it didn't help.

It seems that TWiki.ChangePassword used to call the unauthenticated PasswdCgiScript but now calls the authenticated ManageCgiScript.

-- MartinCleaver - 19 Nov 2004

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2008-09-04 - TWikiJanitor
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.