https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37041 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |In Discussion --- Comment #25 from Jonathan Druart <jonathan.druart@gmail.com> --- (In reply to Marcel de Rooy from comment #16)
(In reply to Jonathan Druart from comment #15)
Only to share what I had in mind. It fixes the problem it seems, but can eventually introduce new ones...
Now the session's id is stored in userenv, so we don't want to leak it! It seems safe however.
Yeah, interesting. But in terms of security perhaps not the way we want to go..
In term of cleaning our session handling code however we need that, and it could be a good excuse to introduce it. If we want it, then do it now. Otherwise we can go with your alternative approach. -- You are receiving this mail because: You are watching all bug changes.