Skip to content
Snippets Groups Projects
Closed [User Testing] User Login
  • View options
  • [User Testing] User Login

  • View options
  • Closed Issue created by Kevin Morris

    About

    • Feature: User Login
    • Route: https://localhost:8444/login

    Checklist

    • This feature testing stage has been completed.

    Description

    Users should be able to login in a secure fashion using the /login route.

    When AUR_CONFIG's [options] disable_http_login is set to 1, cookies use the Secure and SameSite=strict attributes. When it is set to 0, of course, the converse happens -- completely insecure cookies are used.

    Intended session persistence timing:

    • Remember Me checked: 2592000 seconds (30 days)
    • Otherwise: 7200 seconds (2 hours)

    Caveat: The PHP implementation re-emits cookies without secure or samesite attributes. So, if users are switching between PHP and FastAPI on a local Docker instance configured on different ports, browsing around authenticated PHP will mean that the next browsing of FastAPI will be unauthenticated. This is due to how clients handle cookies emission: they store cookies for localhost (regardless of the port). This may also occur on aur-dev.archlinux.org as versions are changed.

    Known Bugs

    Unimplemented

    Reporters

    Following is a list of reporters who have contributed to helping test this feature which is updated as feedback is provided.

    Name GitLab User
    Zero @phantomotap
    Hunter Hwittenborn @hwittenborn
    Kevin Morris @kevr
    0 of 1 checklist item completed · Edited by Kevin Morris

    Linked items ... 0

  • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading