phpgroupware-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [Bug #3332] Cookie Session Expiration Bug


From: nobody
Subject: [Phpgroupware-tracker] [Bug #3332] Cookie Session Expiration Bug
Date: Sat, 26 Apr 2003 11:59:22 -0400

=================== BUG #3332: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3332&group_id=509

Changes by: Adam Hull <address@hidden>
Date: Sat 04/26/2003 at 15:59 (GMT)

------------------ Additional Follow-up Comments ----------------------------
sounds good ralf, deleting the cookie would work as well. I have also reset my 
session by deleting the cookie manually.

fixing it in .16 branch only is ok with me because .16 will be out so soon. But 
it may be helpful to post the code fix here for the record in case anyone needs 
to fix it themselves in .14. I would think the fix should be identical in the 2 
branches.



=================== BUG #3332: FULL BUG SNAPSHOT ===================


Submitted by: adamhull                Project: phpGroupWare                 
Submitted on: Fri 04/25/2003 at 20:05
Category:  API - phpGWapi             Bug Group:  None                      
Severity:  5 - Major                  Priority:  High                       
Resolution:  None                     Assigned to:  ralfbecker              
Status:  Open                         Component Version:  None              
Platform Version:  None               Reproducibility:  Every Time          

Summary:  Cookie Session Expiration Bug

Original Submission:  Using cookie sessions, if a user stays logged in and the 
cookie expires, the user is experiences being logged out and cannot log in 
again. In reality what is happening is phpgroupware is not killing the session 
and will not let the user log in again. If you manually call logout.php or 
restart the users browser, the user can log in again.

Here what skwashd reccommends be done:
<skwashd> the session cookies are being interpreted wrongly after a session 
time out
<skwashd> and so phpgw is getting confused
<skwashd> but .... if you call logout manually it resolves the issue
<fixe> ah, hmmm. so maybe we can have phpgw kill dead sessions?
<skwashd> so .....
<skwashd> we need the index page to check if the session is dead ....
<skwashd> if yes then throw the user to login ... after killing the session
<skwashd> if no ... continue on as usual
----------
I am making an attempt at this but I cannot yet figure out how phpgw determines 
if a session has ended. The cookie itself does nto appear to have a timestamp, 
it only says "expires when session has ended". - Adam (fixe)

Follow-up Comments
*******************

-------------------------------------------------------
Date: Sat 04/26/2003 at 15:59       By: adamhull
sounds good ralf, deleting the cookie would work as well. I have also reset my 
session by deleting the cookie manually.

fixing it in .16 branch only is ok with me because .16 will be out so soon. But 
it may be helpful to post the code fix here for the record in case anyone needs 
to fix it themselves in .14. I would think the fix should be identical in the 2 
branches.

-------------------------------------------------------
Date: Sat 04/26/2003 at 08:10       By: ralfbecker
We should delete the cookie after we detect the expired session and treat it 
like there's no session after.
I will fix it for .16 (not for .14).

-------------------------------------------------------
Date: Fri 04/25/2003 at 20:06       By: adamhull
Oh, also, I have experienced this in both 0.9.14 and 0.9.16 branches - fixe


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3332&group_id=509




reply via email to

[Prev in Thread] Current Thread [Next in Thread]