MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005554ATutorSessionpublic2014-11-02 10:532018-03-07 19:12
Reportergreg 
Assigned Togreg 
PrioritynormalSeveritymajorReproducibilitysometimes
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version 
Target Version2.2Fixed in Version 
Summary0005554: HostGator duplicate session ids
DescriptionOn HostGator (ontariovirtualschool.ca) every page generates a new additional sesion id, rather than updating the existing one, which results in users having to delete session cookies regularly so they can login. When the following code is commented out, then things seem to work fine.

include/vitals.inc.php

// Regenerate session id at every page refresh to prevent CSRF
$valid_session = true;
/*
if (count($_SESSION) == 0) {
    regenerate_session();
} else {
    $valid_session = check_session();
}
*/
TagsNo tags attached.
Affects versionSVN
SVN Revision#
Attached Files

- Relationships
related to 0005842assignedcindy Session expires 10sec after viewing resource firefox 

-  Notes
(0007119)
greg (administrator)
2015-12-31 11:39

won't remove code, as it affects those not on HostGator.

- Issue History
Date Modified Username Field Change
2014-11-02 10:53 greg New Issue
2014-11-02 11:00 greg Description Updated View Revisions
2015-12-31 11:39 greg Note Added: 0007119
2015-12-31 11:39 greg Assigned To => greg
2015-12-31 11:39 greg Status new => acknowledged
2018-03-07 19:12 greg Relationship added related to 0005842


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker