Bug#755671: Merging a @debian.org account in a non @debian.org account leads to "403 Forbidden"

[Raphael Hertzog <hertzog@debian.org>]

On Sun, 26 Oct 2014, Vincent Danjean wrote:
> The reverse (merging a non-Debian account into a Debian account) leads to the
> same problem (403 error when trying to open the merge confirmation link while
> logged with the Debian account).

In fact, this 403 is unrelated. The problem is that the code expects you
to be logged with the user you are merging with (and the mail tells you to
do so). If you follow the instructions, it will work.

We should probably just drop that requirement, I don't remember why
we made it so. Probably thought that ensuring that the user controlled
the mail + the account password was better.

> Note that, to logout the Debian account, I needed to manually remove cookies
> from tracker.debian.org. I successfully logout from sso.debian.org (after the
> first click on "logout", I had error message telling me I'm not logged anymore)
> but tracker.debian.org still thinked I was logged with my debian account
> (and still present me the "logout" button instead of the "register|login"
> ones).

Weird.

Cheer,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/