[openstreetmap/openstreetmap-website] "Remember me" can lock a user into OAuth flow (#3103)

Tom Hughes notifications at github.com
Wed Feb 17 22:31:34 UTC 2021

There is no "OAuth login page" as far as I know, there is just the normal login page, and not being asked to login if you're already logged in is entirely normal and expected.

All that "remember me" does is to extend the life time of the cookie - even without that you might still be considered logged in on a future visit.

You really shouldn't be deleting the OAuth token anyway - the whole point is to cache those client side otherwise you wind up with piles of duplicate authorisations on the OSM end.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210217/c49d3abb/attachment.htm>

More information about the rails-dev mailing list