View Issue Details

IDProjectCategoryView StatusLast Update
0021709mantisbtbugtrackerpublic2016-11-27 00:45
Reportercproensa Assigned Tocproensa  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.1 
Target Version1.3.4Fixed in Version1.3.4 
Summary0021709: on error after verification page, user still can browse the site
Description

If invalid data is submitted from the new verification page, the user is presented a standard logged-in page, with error message, but still a navigation menu.
Then the user can proceed to use the site as his user is logged in, but didn't change his password.
This happens because the data is submitted to the standard "account_update.php"

A proposal is to create a separated verify-update page that deals with this submission. And remove the verification logic from account_update page.

TagsNo tags attached.

Related Changesets

MantisBT: master-1.3.x 12192f19

2016-11-18 12:35

cproensa

Committer: dregad


Details Diff
Force logout after verification error

Force the clearing of authentication cookies when the verification data
submitted to account_update page produces an error.
This way, the user cant browse the site as the logged user, if he hasn't
completed yet the verification process.

Fixes 0021709
Affected Issues
0021709
mod - account_update.php Diff File