View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0028974||mantisbt||security||public||2021-08-12 07:25||2023-02-15 03:51|
|Summary||0028974: Multiple issues in session validation function|
The session validation function is an important feature that tracks the IP address of the session. However the current implementation confuses me.
Problem 1: Invalidated session is not logged out
Problem 2: Redirect through meta refresh causes the browser to cache the page
|Steps To Reproduce|
Verified with this site as well.
|Tags||No tags attached.|
|related to||0013035||acknowledged||Secure Session Support for Platforms masking client source address but injecting HTTP headers|
Just noticed that this problem had already been identified a long time ago, see 0013035:0028861