[Koha-bugs] [Bug 29914] check_cookie_auth not strict enough
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jan 20 10:12:37 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29914
--- Comment #1 from Jonathan Druart <jonathan.druart+koha at gmail.com> ---
Created attachment 129634
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129634&action=edit
Bug 29914: Make check_cookie_auth compare the userid
check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.
So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list