On Tue, Jun 25, 2019 at 10:44 AM Mo <[email protected]> wrote:
> Hi, we migrated from Trac 1.2 to 1.2.3. We also switched from webserver > htpasswd to AccountManagerPlugin using htdigest. > Did you remove the handler (Location directive) for /login in your web server configuration? If not, the web server will intercept and route the request. > The reason was I would like to make it possible for people to self > register. > Then before it was not possible for people to set their own password. > As far as I know this all is only possible with the AccountManagerPlugin. > > This all works fine. The admin/accounts/users are empty and I like to make > all register themselve. > > Now I see a weird isse. One user with its browser session is still able to > login. After logout and login he is logged in whithout password. I can't > reproduce this with an empty browser profile. > After he logged in, I see in trac-admin project session list: > > SID:TheUser > Auth:1 > Last Visit:<today> > All the rest is empty. > > After deleting this session the user can still login. There is no entry > about that user in the htdigest file that is configured with htdigest_file. > How can that be? I like all users to re-register, but after testing with > one user it seems that all can login without password. > > Best regards > Please share you [account-manager] section from trac.ini -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/trac-users. To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/CA%2BBGpn_JuN1rh%3DNS2xM455PV7Us6ym6Cgk4OVPKZpCKsRtP74A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
