Skip to content

Login Cookie Expiration Problem

Drasko DRASKOVIC edited this page Mar 16, 2015 · 2 revisions

@benoit-pereira-da-silva: I ve installed a proxy and used 10.0.0.1/login and i think I've identified the problem : The cookie expiration date is not correct (i've attached a screenshot in the Issue #147 on Github: https://github.com/nodesign/weio/issues/147)

@nmarcetic: I think on Tornado server default cookie expiration period is 30 days. The possible scenario, when you receive your board the system time was not correct, and now Tornado generate cookies and set expiration period in pass (e.g 07. Mar). This is only logical explanation, still i am very confused about chrome and firefox... It works on those browsers.... In order to confirm our conclusion , can you please login over ssh and try to temporary set correct time-date like this: export TZ="CET-1CEST,M3.5.0,M10.5.0/3" -- This is a Paris/France time zone Then type just "date" in terminal, your time/date should be correct and then try to login with safari. Note, this is just a tmp solution , when you reboot your board your time will be messed again. In order to set timezone you need to edit /etc/config/system and set your timezone (CET-1CEST,M3.5.0,M10.5.0/3) on this line https://github.com/nodesign/weio/blob/next/openWrt/files/etc/config/system#L4 and reboot your board

@nmarcetic: This is not bad http://stackoverflow.com/questions/12383697/tornado-secure-cookie-expiration-aka-secure-session-cookie whit this we will relay on browser session , when you close your browser your session will be lost, and you don't have our user cookies set by WeIO any more (you will not send expired cookies to Tornado). This is similar to your proposal but more secure, we are not hacking anything just relay on session nmarcetic March 8 2015
But with this approach also you must have correct time/date I like this Tornado secure cookie approach its similar to token authentication, and i would not change anything.