ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004316 | mantisbt | bugtracker | public | 2004-08-12 01:41 | 2013-12-01 22:05 |
Reporter | Gunnar | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | acknowledged | Resolution | open | ||
Platform | Opera 7.53 | OS | Linux | OS Version | 2.4.27 |
Product Version | git trunk | ||||
Summary | 0004316: Cookie problem on logout | ||||
Description | If I log out of mantis I receive a system warning (header already modified) and I cannot login again. I always only get "Access Denied". This behavior stops if I delete all mantis cookies. This is reproducible on my installation as well as on this mantis installation. | ||||
Steps To Reproduce | 1) Login to Mantis (using Opera 7.53). Alternatively you can modify your cookie to a random value while you are logged in. | ||||
Additional Information | Mantis expects the cookie to be set to ''. If the cookie has been set to a value that is neither '' nor one of the cookie strings in the database, the user will see the "Access denied" message. The attached patch checks whether the cookie is actually in the database instead of checking only for a blank value. | ||||
Tags | No tags attached. | ||||
Attached Files | cookie.patch (1,603 bytes)
--- authentication_api.php.old 2004-08-11 19:04:19.000000000 +0200
+++ authentication_api.php 2004-08-11 19:05:17.000000000 +0200
@@ -294,14 +294,14 @@
 function auth_generate_unique_cookie_string() {
 do {
 $t_cookie_string = auth_generate_cookie_string();
- } while ( !auth_is_cookie_string_unique( $t_cookie_string ) );
+ } while ( auth_cookie_string_count( $t_cookie_string ) );
 return $t_cookie_string;
 }
 # --------------------
 # Return true if the cookie login identifier is unique, false otherwise
- function auth_is_cookie_string_unique( $p_cookie_string ) {
+ function auth_cookie_string_count( $p_cookie_string ) {
 $t_user_table = config_get( 'mantis_user_table' );
 $c_cookie_string = db_prepare_string( $p_cookie_string );
@@ -312,11 +312,7 @@
 $result = db_query( $query );
 $t_count = db_result( $result );
- if ( $t_count > 0 ) {
- return false;
- } else {
- return true;
- }
+ return $t_count;
 }
 # --------------------
@@ -330,7 +326,7 @@
 $t_cookie = gpc_get_cookie( $t_cookie_name, '' );
 # if cookie not found, and anonymous login enabled, use cookie of anonymous account.
- if ( is_blank( $t_cookie ) ) {
+ if ( !auth_cookie_string_count( $t_cookie ) ) {
 if ( $g_script_login_cookie !== null ) {
 return $g_script_login_cookie;
 } else {
@@ -343,9 +339,11 @@
 $row = db_fetch_array( $result );
 $t_cookie = $row['cookie_string'];
 }
- }
+ } else {
+ return '';
+ }
 }
- }
+ }
 return $t_cookie;
 }
| ||||
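Review bot: The context comment `# Return true if the cookie login identifier is unique, false otherwise` in the first hunk is left standing above the renamed `auth_cookie_string_count()`, which after the second hunk returns the raw `db_result()` value rather than a boolean. The comment should be replaced with something like `# Return the number of users that have this cookie string (0 if none)`. Writing `return (int) $t_count;` in the second hunk would keep the truthiness tests in both callers independent of how the database layer represents the count. The query that produces the count sits between the two hunks and is not visible here.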
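Review bot: The new condition `!auth_cookie_string_count( $t_cookie )` in the third hunk sends the raw request cookie from `gpc_get_cookie()` into a database query on every call, where the removed `is_blank()` test touched no database at all. The only protection visible in the patch is `db_prepare_string()` in the first hunk, and the query text is built outside the hunks, so its quoting should be confirmed now that the function receives client-controlled input. Keeping the cheap test first, `if ( is_blank( $t_cookie ) || !auth_cookie_string_count( $t_cookie ) ) {`, also avoids the lookup for requests that carry no cookie. The comment above the condition still says "if cookie not found" and should mention the unknown-cookie case as well.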
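Review bot: The added `} else { return ''; }` in the last hunk attaches to an `if` that opens outside the hunk, so the condition it negates cannot be read from the visible lines. A one-line comment on the branch should state the intended outcome, for example `# no fallback cookie available: treat the request as not logged in`, if that is the intent. The two `- }` / `+ }` pairs around it appear to change only whitespace and would be better dropped so the behavioural change stands out. Returning `''` presumably leaves the unrecognised cookie in the browser, so clearing it at this point may be worth considering.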