View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010187 | mantisbt | security | public | 2009-03-08 03:19 | 2023-02-15 09:52 |
Reporter | Jenolan | Assigned To | jreese | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0a3 | ||||
Target Version | 1.1.7 | Fixed in Version | 1.1.7 | ||
Summary | 0010187: Using dession destroy and unset for logout | ||||
Description | When a user logs out from Mantis the logout process does the following unset( $_SESSION ); The problem is that other php applications are also using the php session manager and their information is being destroyed as well which is not nice. Suggest that Mantis variables be stored as an array within $_SESSION and all that is necessary then it to unset the array rather than the whole global session. | ||||
Tags | No tags attached. | ||||
MantisBT: master 2ad35dd7 2009-03-30 10:43 Details Diff |
Fix 0010187: Segment the PHP session via a unique key, so as to play nice with neighboring apps. |
Affected Issues 0010187, 0011738 |
|
mod - core/session_api.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
MantisBT: master-1.1.x 434acc56 2009-03-30 10:43 Details Diff |
Fix 0010187: Segment the PHP session via a unique key, so as to play nice with neighboring apps. |
Affected Issues 0010187 |
|
mod - core/session_api.php | Diff File | ||
mod - config_defaults_inc.php | Diff File | ||
MantisBT: master-1.1.x ea368049 2009-07-13 10:48 Details Diff |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
Affected Issues 0010187, 0010714 |
|
mod - account_page.php | Diff File | ||
mod - verify.php | Diff File | ||
MantisBT: master-1.2.x 4f9d3515 2009-07-13 10:48 Details Diff |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
Affected Issues 0010187, 0010714 |
|
mod - account_page.php | Diff File | ||
mod - verify.php | Diff File | ||
MantisBT: master c3a3ffe8 2009-07-13 10:48 Details Diff |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
Affected Issues 0010187, 0010714 |
|
mod - account_page.php | Diff File | ||
mod - verify.php | Diff File |