Page MenuHomePhabricator

UserName cookie should not be set when "remember me" is disabled
Open, Needs TriagePublic

Description

CookieSessionProvider records the username in a cookie and pre-fills the username field on next login, to make it more convenient. It seems wrong to do that even if the user logged in with "Remember me" unchecked.

Event Timeline

Tgr created this task.Oct 29 2016, 12:11 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 29 2016, 12:11 AM