https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38327 --- Comment #17 from David Cook <dcook@prosentient.com.au> --- (In reply to Lucas Gass (lukeg) from comment #1)
To recreate:
Generic: 1. Set timeout to something low for testing, I set mine to 10 seconds 2. Go to a page when you can do some kind of POST action 3. Wait for the timeout to happen 4. Do the post request thing, 5. You need to log back in, get a 403 error.
So you don't even need a POST. You can just do a GET. Anyway, I set "timeout" to "10", logged in, waited 10 seconds, then went to another page. My first session had a cookie with a session ID of b49e79b4392bb8eff50400904a7f7481 which appears to have been removed from the database... On the login page with "Error: Session timed out" I see a cookie with a session ID of 637b52999bc5266c383faf809a8761d8. However, I don't see a session with that ID in the database. I waited a while to try logging in again... and now I'm able to log in fine, which is actually surprising. After the successful login I have an ID of 38f2a4db6f1e9806d5b731b6f098298d which does appear in the database... -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.