View Issue Details

IDProjectCategoryView StatusLast Update
0004316mantisbtbugtrackerpublic2013-12-01 22:05
ReporterGunnar Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
PlatformOpera 7.53OSLinuxOS Version2.4.27
Product Versiongit trunk 
Summary0004316: Cookie problem on logout
Description

If I log out of mantis I receive a system warning (header already modified) and I cannot login again. I always only get "Access Denied". This behavior stops if I delete all mantis cookies. This is reproducible on my installation as well as on this mantis installation.

Steps To Reproduce

1) Login to Mantis (using Opera 7.53).
2) Logout.

Alternatively you can modify your cookie to a random value while you are logged in.

Additional Information

Mantis expects the cookie to be set to ''. If the cookie has been set to a value that is not '' or does not match any of the cookie strings in the database, the user will see the "Access denied" message.

The attached patch does check whether the cookie is actually in the database or not instead of checking only for blank value.

TagsNo tags attached.
Attached Files
cookie.patch (1,603 bytes)   
--- authentication_api.php.old	2004-08-11 19:04:19.000000000 +0200
+++ authentication_api.php	2004-08-11 19:05:17.000000000 +0200
@@ -294,14 +294,14 @@
 	function auth_generate_unique_cookie_string() {
 		do {
 			$t_cookie_string = auth_generate_cookie_string();
-		} while ( !auth_is_cookie_string_unique( $t_cookie_string ) );
+		} while ( auth_cookie_string_count( $t_cookie_string ) );
 
 		return $t_cookie_string;
 	}
 
 	# --------------------
 	# Return true if the cookie login identifier is unique, false otherwise
-	function auth_is_cookie_string_unique( $p_cookie_string ) {
+	function auth_cookie_string_count( $p_cookie_string ) {
 		$t_user_table = config_get( 'mantis_user_table' );
 
 		$c_cookie_string = db_prepare_string( $p_cookie_string );
@@ -312,11 +312,7 @@
 		$result = db_query( $query );
 		$t_count = db_result( $result );
 
-		if ( $t_count > 0 ) {
-			return false;
-		} else {
-			return true;
-		}
+		return $t_count;
 	}
 
 	# --------------------
@@ -330,7 +326,7 @@
 		$t_cookie = gpc_get_cookie( $t_cookie_name, '' );
 
 		# if cookie not found, and anonymous login enabled, use cookie of anonymous account.
-		if ( is_blank( $t_cookie ) ) {
+		if ( !auth_cookie_string_count( $t_cookie ) ) {
 			if ( $g_script_login_cookie !== null ) {
 				return $g_script_login_cookie;
 			} else {
@@ -343,9 +339,11 @@
 						$row		= db_fetch_array( $result );
 						$t_cookie	= $row['cookie_string'];
 					}
-				}
+				} else {
+                                        return '';
+                                }
 			}
-		}
+                }
 
 		return $t_cookie;
 	}
cookie.patch (1,603 bytes)   

Activities

jlatour

jlatour

2004-08-12 04:15

reporter   ~0006960

OK, thanks for the patch. I don't have time to apply it right now, but I hope someone does.

(For who does: change the calls to auth_cookie_string_count to use 0 == and 0 <, it's clearer that way)