Hi, we migrated from Trac 1.2 to 1.2.3. We also switched from webserver htpasswd to AccountManagerPlugin using htdigest.
The reason was I would like to make it possible for people to self register. Then before it was not possible for people to set their own password. As far as I know this all is only possible with the AccountManagerPlugin. This all works fine. The admin/accounts/users are empty and I like to make all register themselve. Now I see a weird isse. One user with its browser session is still able to login. After logout and login he is logged in whithout password. I can't reproduce this with an empty browser profile. After he logged in, I see in trac-admin project session list: SID:TheUser Auth:1 Last Visit:<today> All the rest is empty. After deleting this session the user can still login. There is no entry about that user in the htdigest file that is configured with htdigest_file. How can that be? I like all users to re-register, but after testing with one user it seems that all can login without password. Best regards -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/trac-users. To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/4eca4a04-c4d4-4a4a-bb9b-cb2897e916f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
