[ https://jira.codehaus.org/browse/MRM-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=346684#comment-346684 ]
Sascha Vogt commented on MRM-1841:
----------------------------------
For me, I'm logged off on Chrome 34 and FF 29.0.1 (Win7 64-bit)
Could it be related to using LDAP User Manager? (Note: We have DB first, LDAP
second)
We have two system accounts in the DB User Manager, I'm trying one of those now.
Regarding password in the cookie: Well, I already explained one issue in the
first comment: The password is shared across multiple servers (it's the
Windows domain account). This means if my cookies got exposed the attacker
would have much more information than only access to Archiva. And second:
People reuse passwords. Yes, they shouldn't, but they do. In these cases an
Archiva-specific token decreases the threat. If the token would also be bound
to a specific IP address then the attacker would not only need the cookie but
also spoof my IP address, this would reduce the risk even more.
> "Remember me" not working
> -------------------------
>
> Key: MRM-1841
> URL: https://jira.codehaus.org/browse/MRM-1841
> Project: Archiva
> Issue Type: Bug
> Affects Versions: 2.0.1
> Reporter: Sascha Vogt
> Assignee: Olivier Lamy
> Fix For: 2.1.0
>
>
> The remember me feature doesn't seem to work. I get logged out quite
> frequently (didn't use a stopwatch, but about 10-15 minutes of inactivity are
> sufficient to log me out)
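The design argued for in the comment above (an application-specific token in the cookie instead of the password, optionally bound to the client IP address), sketched as an added example. It is not Archiva's code; the function names, the in-memory store, the 14-day lifetime and the sample addresses are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Hypothetical in-memory store: sha256(token) -> record. A real application
# would keep this in its user database.
_TOKENS = {}
TTL_SECONDS = 14 * 24 * 3600  # assumed remember-me lifetime


def _digest(token):
    # Only the hash is stored, so a leaked table cannot be replayed as cookies.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(user, client_ip, now=None):
    """Return a random cookie value that carries no password material."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _TOKENS[_digest(token)] = {
        "user": user,
        "ip": client_ip,
        "expires": now + TTL_SECONDS,
    }
    return token


def redeem_token(token, client_ip, now=None):
    """Return (user, replacement_token) on success, (None, None) otherwise."""
    now = time.time() if now is None else now
    # pop() makes every token single use, including on a failed attempt.
    record = _TOKENS.pop(_digest(token), None)
    if record is None or now > record["expires"]:
        return None, None
    if record["ip"] != client_ip:
        # Presented from a different address: the token is already revoked.
        return None, None
    return record["user"], issue_token(record["user"], client_ip, now)


def revoke_all(user):
    """Drop every remember-me token of a user, e.g. on password change."""
    for key in [k for k, r in _TOKENS.items() if r["user"] == user]:
        del _TOKENS[key]
```

Binding to the IP address also logs out legitimate users whose address changes (mobile networks, rotating proxies), so it is usually made optional.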