View Issue Details

ID: 0007895
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2007-12-21 23:16
Reporter: danielm
Assigned To: giallu
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Target Version: 1.1.0
Fixed in Version: 1.1.0a4
Summary: 0007895: Recently Visited when logged in as Anonymous shows issues i have not visited
Description

The recently visited list for the Anonymous user shows issues that presumably other anonymous users have visited.

Steps To Reproduce

Do not log in to Mantis.
Note that Recently Visited does not necessarily contain bugs viewed by you.
If further proof is required:
Open Mantis on another machine (do not log in).
View any issue.
Refresh the page on the first machine.

Additional Information

This was noted on version 1.1.0a3-CVS as in on mantisbt.org

Tags: No tags attached.
Attached Files
bug7895.patch (1,403 bytes)   
Index: core/last_visited_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/last_visited_api.php,v
retrieving revision 1.1
diff -u -r1.1 last_visited_api.php
--- core/last_visited_api.php	12 Aug 2006 08:04:49 -0000	1.1
+++ core/last_visited_api.php	5 Jul 2007 22:25:18 -0000
@@ -16,6 +16,9 @@
 	#---------------------------------
 	# This method should be called from view, update, print pages for issues, mantisconnect.
 	function last_visited_issue( $p_issue_id, $p_user_id = null ) {
+		if ( current_user_is_anonymous() ) {
+			return;
+		}
 		$c_issue_id = db_prepare_int( $p_issue_id );
 
 		$t_value = token_get_value_by_type( TOKEN_LAST_VISITED, $p_user_id );
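Review bot: the new guard at the top of last_visited_issue() tests current_user_is_anonymous(), but the function accepts $p_user_id and its header comment lists mantisconnect as a caller, so the user being recorded is not necessarily the current one. Test the user the token is actually written for (the resolved $p_user_id), so that a call made on behalf of the anonymous account is skipped and a call for a named user is not. A blank line after the if block would also help, and nothing in the visible lines consults the 'recently_visited' setting, so visits are still stored when the feature is switched OFF.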
@@ -47,4 +50,4 @@
 
 		return $t_ids;
 	}
-?>
\ No newline at end of file
+?>
Index: core/print_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/print_api.php,v
retrieving revision 1.166
diff -u -r1.166 print_api.php
--- core/print_api.php	9 Jun 2007 16:39:32 -0000	1.166
+++ core/print_api.php	5 Jul 2007 22:25:20 -0000
@@ -1553,7 +1553,7 @@
 	# --------------------
 	# Prints the recently visited issues.
 	function print_recently_visited() {
-		if ( OFF == config_get( 'recently_visited' ) ) {
+		if ( OFF == config_get( 'recently_visited' ) || current_user_is_anonymous() ) {
 			return;
 		}
 
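Review bot: in print_recently_visited() the condition now repeats the anonymous test that the other file adds to last_visited_issue(), so the rule for when the feature is active lives in two places. Move "OFF == config_get( 'recently_visited' ) || current_user_is_anonymous()" into one predicate that both the recording and the printing code call, so the two cannot drift apart. Nothing in this patch clears a list already stored for the anonymous account; it is only hidden from display.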

Relationships

related to 0004460 (closed, vboctor): Show last visited N issues

Activities

giallu

2007-04-13 02:54

reporter   ~0014342

I can confirm the behaviour, though it seems this is by design: the recently visited issues are stored in the DB, using the api in tokens_api.php.

I wonder why a (simpler?) method based on cookies was not used instead: the only advantage I see here is you gain persistence across multiple browser instances, the list being server side and tied to the user ID.

danielm

2007-04-15 18:59

reporter   ~0014344

I can see the advantages with having a more durable storage mechanism for this list but unfortunately it does not work well for the anonymous user where:

The list cannot be relied on because it is likely to change if other anonymous users are using the system as well.
However minor, it allows someone else to gain information on what other people are looking at.

I don't know how anonymous users work because we don't use it in our deployment but I would expect that the feature could be disabled if a user was not logged in (the anonymous user). This would almost certainly be easier than changing the implementation of Recently Visited to cookie based and would not significantly affect any advantages gained by storing the list in the database.

vboctor

2007-04-16 02:00

manager   ~0014345

I agree that this feature should be disabled for anonymous users. This should ideally be done by:

  1. Not displaying the recently visited list.
  2. Not keeping track of the list to reduce unnecessary database access.

It is by design that I use tokens for storing this information rather than cookies. The idea is to reduce the dependency on cookies and to provide users with the ability to see their filters, recently visited and others across browsers.

giallu

2007-04-16 02:05

reporter   ~0014348

Ok Victor. Do you think you can work on this? I have other things on my to-do list right now, but since this seems not too hard I could have a look at it.

vboctor

2007-04-16 02:19

manager   ~0014350

Go for it, I am currently focused on 0007667.

giallu

2007-07-05 18:30

reporter   ~0014878

The patch attached does what was proposed in 0007895:0014345

vboctor

2007-07-05 21:04

manager   ~0014880

I had a look at the patch and it looks good. Following are some minor comments:

  • In last_visited_issue() add a blank line after the "if" block.
  • Implement last_visited_enabled() which checks both the configuration and current user is not anonymous.
  • In last_visited_issue() check last_visited_enabled().
  • In print_recently_visited() check last_visited_enabled().

giallu

2007-07-09 18:43

reporter   ~0014915

Applied patch with modifications requested in 0007895:0014880
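
The gating requested in note 0014880, modelled as an added example (not MantisBT code; the class, its method names and the anonymous user id are hypothetical): one predicate guards both the recording path and the display path. The loop runs the same visits with the gate off and on, so the shared anonymous account can be seen leaking one visitor's history to another and then storing nothing.

```php
<?php
// Added illustration: a minimal model, not MantisBT code. All names are hypothetical.

const ANONYMOUS_USER_ID = 1;   // constructed id: every visitor who is not logged in maps here

class LastVisited {
    private array $tokens = [];   // user id => issue ids (stands in for the token table)

    public function __construct(private bool $featureOn, private bool $gateAnonymous) {}

    // Single predicate shared by the write path and the display path.
    private function enabled(int $userId): bool {
        if (!$this->featureOn) {
            return false;
        }
        return !($this->gateAnonymous && $userId === ANONYMOUS_USER_ID);
    }

    // Write path: called when a user views an issue.
    public function record(int $userId, int $issueId): void {
        if (!$this->enabled($userId)) {
            return;   // nothing stored: no cross-visitor leak and no database write
        }
        $ids = array_diff($this->tokens[$userId] ?? [], [$issueId]);
        array_unshift($ids, $issueId);                 // most recent first, no duplicates
        $this->tokens[$userId] = array_slice($ids, 0, 5);
    }

    // Display path: what the "Recently Visited" bar would list for this user.
    public function recent(int $userId): array {
        return $this->enabled($userId) ? ($this->tokens[$userId] ?? []) : [];
    }
}

// Two different people browse without logging in; both resolve to ANONYMOUS_USER_ID.
foreach ([false, true] as $gate) {
    $lv = new LastVisited(true, $gate);
    $lv->record(ANONYMOUS_USER_ID, 7895);   // visitor A on the first machine
    $lv->record(ANONYMOUS_USER_ID, 4460);   // visitor B on another machine
    $lv->record(42, 7667);                  // a logged-in user (constructed id)
    printf("gate=%s anonymous sees [%s], user 42 sees [%s]\n",
        $gate ? 'on' : 'off',
        implode(', ', $lv->recent(ANONYMOUS_USER_ID)),
        implode(', ', $lv->recent(42)));
}
```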

Related Changesets

MantisBT: master f62b823a

2007-07-09 18:41

giallu


Fix 7895: Recently Visited when logged in as Anonymous shows issues i have not visited

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@4418 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0007895
mod - core/last_visited_api.php
mod - core/print_api.php