| Anonymous | Login | Signup for a new account | 2013-05-25 06:02 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories |
| View Issue Details [ Jump to Notes ] [ Wiki ] [ Related Changesets ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0010187 | mantisbt | security | public | 2009-03-08 03:19 | 2009-07-13 10:26 | ||||
| Reporter | Jenolan | ||||||||
| Assigned To | jreese | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 1.2.0a3 | ||||||||
| Target Version | 1.1.7 | Fixed in Version | 1.1.7 | ||||||
| Summary | 0010187: Using dession destroy and unset for logout | ||||||||
| Description | When a user logs out from Mantis the logout process does the following unset( $_SESSION ); session_destroy(); The problem is that other php applications are also using the php session manager and their information is being destroyed as well which is not nice. Suggest that Mantis variables be stored as an array within $_SESSION and all that is necessary then it to unset the array rather than the whole global session. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
 Notes |
|
 (0021286)jreese (administrator) 2009-03-30 09:55 |
Retargetting for 1.1.7. |
|
(0021291) jreese (administrator) 2009-03-30 11:17 |
Fix committed to 1.1.7 and 1.2.x development trees. |
|
Notes |
| Related Changesets |
|||
|
MantisBT: master 2ad35dd7
Timestamp: 2009-03-30 14:43:13 Author: jreese [ Details ] [ Diff ] |
Fix 0010187: Segment the PHP session via a unique key, so as to play nice with neighboring apps. | ||
| mod - core/session_api.php | [ Diff ] [ File ] | ||
| mod - config_defaults_inc.php | [ Diff ] [ File ] | ||
|
MantisBT: master-1.1.x 434acc56
Timestamp: 2009-03-30 14:43:13 Author: jreese [ Details ] [ Diff ] |
Fix 0010187: Segment the PHP session via a unique key, so as to play nice with neighboring apps. | ||
| mod - core/session_api.php | [ Diff ] [ File ] | ||
| mod - config_defaults_inc.php | [ Diff ] [ File ] | ||
|
MantisBT: master-1.1.x ea368049
Timestamp: 2009-07-13 14:48:11 Author: jreese [ Details ] [ Diff ] |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
||
| mod - account_page.php | [ Diff ] [ File ] | ||
| mod - verify.php | [ Diff ] [ File ] | ||
|
MantisBT: master-1.2.x 4f9d3515
Timestamp: 2009-07-13 14:48:11 Author: jreese [ Details ] [ Diff ] |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
||
| mod - account_page.php | [ Diff ] [ File ] | ||
| mod - verify.php | [ Diff ] [ File ] | ||
|
MantisBT: master c3a3ffe8
Timestamp: 2009-07-13 14:48:11 Author: jreese [ Details ] [ Diff ] |
Fix 0010714: Fix session notice with verify.php This problem is a result of changes for issue 0010187, where the session is no longer destroyed in order to play nice with other PHP applications. However, the problem itself only manifests itself when a user that is already logged into mantis follows the verification link. Rather than forcefully restarting the session, the verification page now logs out the existing user and then does a header redirect to itself to allow the normal session init behavior to kick in. |
||
| mod - account_page.php | [ Diff ] [ File ] | ||
| mod - verify.php | [ Diff ] [ File ] | ||
| Related Changesets |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-03-08 03:19 | Jenolan | New Issue | |
| 2009-03-11 10:05 | jreese | Status | new => acknowledged |
| 2009-03-11 10:05 | jreese | Target Version | => 1.2.2 |
| 2009-03-30 09:55 | jreese | Note Added: 0021286 | |
| 2009-03-30 09:55 | jreese | Target Version | 1.2.2 => 1.1.7 |
| 2009-03-30 11:17 | jreese | Note Added: 0021291 | |
| 2009-03-30 11:17 | jreese | Status | acknowledged => resolved |
| 2009-03-30 11:17 | jreese | Fixed in Version | => 1.1.7 |
| 2009-03-30 11:17 | jreese | Resolution | open => fixed |
| 2009-03-30 11:17 | jreese | Assigned To | => jreese |
| 2009-03-30 11:20 | jreese | Changeset attached | master 2ad35dd7 => |
| 2009-03-30 11:20 | jreese | Changeset attached | master-1.1.x 434acc56 => |
| 2009-04-20 09:49 | jreese | Status | resolved => closed |
| 2009-07-13 10:26 | jreese | Relationship added | related to 0010714 |
| 2009-07-13 11:00 | jreese | Changeset attached | master-1.1.x ea368049 => |
| 2009-07-13 11:00 | jreese | Changeset attached | master-1.2.x 4f9d3515 => |
| 2009-07-13 11:00 | jreese | Changeset attached | master c3a3ffe8 => |
|
Issue History |
| MantisBT 1.2.16dev master-1.2.x-8c2bd07 [^]
Copyright © 2000 - 2013 MantisBT Team
Time: 0.1004 seconds. memory usage: 2,822 KB |
|