[Koha-bugs] [Bug 29915] Anonymous session generates 1 new session ID per hit
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Mar 24 14:37:41 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29915
Jonathan Druart <jonathan.druart+koha at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #132114|0 |1
is obsolete| |
--- Comment #123 from Jonathan Druart <jonathan.druart+koha at gmail.com> ---
Created attachment 132158
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=132158&action=edit
Bug 29915: Prevent bad cookie from corrupted session
If there is deleted session info but no session->id, a wrong cookie
with empty name could be generated containing expired session id.
Test plan:
Run t/db_dependent/Auth.t
Login. Check cookies in browser.
Logout. Check cookies in browser.
Without this patch, you should see an invalid cookie.
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list