[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [bug #3332] Cookie Session Expiration Bug
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [bug #3332] Cookie Session Expiration Bug |
Date: |
Thu, 26 Jun 2003 23:01:55 -0400 |
User-agent: |
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3.1) Gecko/20030425 |
=================== BUG #3332: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3332&group_id=509
Changes by: Dave Hall <address@hidden>
Date: Fri 06/27/2003 at 13:01 (Australia/Melbourne)
What | Removed | Added
---------------------------------------------------------------------------
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
this has been fixed in 16
=================== BUG #3332: FULL BUG SNAPSHOT ===================
Submitted by: adamhull Project: phpGroupWare
Submitted on: Sat 04/26/2003 at 06:05
Category: API - phpGWapi Bug Group: None
Severity: 5 - Major Priority: High
Resolution: None Assigned to: ralfbecker
Status: Closed Component Version: None
Platform Version: None Reproducibility: Every Time
Summary: Cookie Session Expiration Bug
Original Submission: Using cookie sessions, if a user stays logged in and the
cookie expires, the user is experiences being logged out and cannot log in
again. In reality what is happening is phpgroupware is not killing the session
and will not let the user log in again. If you manually call logout.php or
restart the users browser, the user can log in again.
Here what skwashd reccommends be done:
<skwashd> the session cookies are being interpreted wrongly after a session
time out
<skwashd> and so phpgw is getting confused
<skwashd> but .... if you call logout manually it resolves the issue
<fixe> ah, hmmm. so maybe we can have phpgw kill dead sessions?
<skwashd> so .....
<skwashd> we need the index page to check if the session is dead ....
<skwashd> if yes then throw the user to login ... after killing the session
<skwashd> if no ... continue on as usual
----------
I am making an attempt at this but I cannot yet figure out how phpgw determines
if a session has ended. The cookie itself does nto appear to have a timestamp,
it only says "expires when session has ended". - Adam (fixe)
Follow-up Comments
*******************
-------------------------------------------------------
Date: Fri 06/27/2003 at 13:01 By: skwashd
this has been fixed in 16
-------------------------------------------------------
Date: Sun 04/27/2003 at 01:59 By: adamhull
sounds good ralf, deleting the cookie would work as well. I have also reset my
session by deleting the cookie manually.
fixing it in .16 branch only is ok with me because .16 will be out so soon. But
it may be helpful to post the code fix here for the record in case anyone needs
to fix it themselves in .14. I would think the fix should be identical in the 2
branches.
-------------------------------------------------------
Date: Sat 04/26/2003 at 18:10 By: ralfbecker
We should delete the cookie after we detect the expired session and treat it
like there's no session after.
I will fix it for .16 (not for .14).
-------------------------------------------------------
Date: Sat 04/26/2003 at 06:06 By: adamhull
Oh, also, I have experienced this in both 0.9.14 and 0.9.16 branches - fixe
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3332&group_id=509
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [bug #3332] Cookie Session Expiration Bug,
nobody <=