| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0001760 | [Piwigo] security | major | always | 2010.07.04 00:12 | 2010.07.05 21:36 | ||
| Reporter | nikrou | View Status | public | ||||
| Assigned To | nikrou | ||||||
| Priority | normal | Resolution | fixed | Platform | |||
| Status | closed | OS | |||||
| Projection | none | OS Version | |||||
| ETA | none | Fixed in Version | 2.1.3 | Product Version | 2.1.2 | ||
| Target Version | 2.1.3 | Product Build | |||||
| Summary | 0001760: Avoid session fixation | ||||||
| Description |
To avoid session fixation we use the session_regenerate_id() function. But the old session id is kept and the database is full of old ones! :-) The fix is quite simple: use the parameter of that function and set it to true. |
||||||
| Steps To Reproduce | |||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| browser | any | ||||||
| Database engine and version | |||||||
| PHP version | |||||||
| Web server | Apache 1.3.x | ||||||
| Attached Files | |||||||
Notes |
(0004025) svn (reporter) 2010.07.05 21:34 |
[Subversion] r6660 by nikrou on trunk
-----[Subversion commit log]-----
Bug 1760 fixed : Avoid session fixation
After connection, session id is changed using session_regenerate_id but without removing old session. Passing param true makes the job. |
|
(0004026) svn (reporter) 2010.07.05 21:35 |
[Subversion] r6661 by nikrou on branch 2.1
-----[Subversion commit log]-----
Bug 1760 fixed : Avoid session fixation
After connection, session id is changed using session_regenerate_id but without removing old session. Passing param true makes the job
Merge from trunk |
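
The behaviour this issue describes, as an added example that is not Piwigo's code: a login is simulated twice against a custom session handler, once calling session_regenerate_id() without deleting the old session and once with the parameter set to true, and the rows left in the store are reported. `ArraySessionStore` and `loginAndInspect` are hypothetical names, the in-memory array stands in for the sessions table, the user value is constructed, and the script assumes PHP 8 run from the command line.

```php
<?php
declare(strict_types=1);
// Added example, not Piwigo code; class and function names are hypothetical.

// Stand-in for a database-backed session table: one array entry per row.
final class ArraySessionStore implements SessionHandlerInterface
{
    public array $rows = [];                 // session id => serialized data

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string { return $this->rows[$id] ?? ''; }
    public function write(string $id, string $data): bool { $this->rows[$id] = $data; return true; }
    public function destroy(string $id): bool { unset($this->rows[$id]); return true; }
    public function gc(int $max_lifetime): int { return 0; }
}

// Simulates one login and reports which session rows remain afterwards.
function loginAndInspect(bool $deleteOldSession): array
{
    $store = new ArraySessionStore();
    session_set_save_handler($store, false);
    session_id(bin2hex(random_bytes(16)));   // constructed pre-login id
    session_start();
    $preLoginId = session_id();

    $_SESSION['user'] = 'alice';             // constructed sample user
    session_regenerate_id($deleteOldSession);
    $postLoginId = session_id();
    session_write_close();

    return [
        'id_changed'    => $preLoginId !== $postLoginId,
        'old_row_kept'  => isset($store->rows[$preLoginId]),
        'old_row_data'  => $store->rows[$preLoginId] ?? null,
        'rows_in_store' => count($store->rows),
    ];
}

ini_set('session.use_cookies', '0');         // CLI run: there is no cookie to send

$before = loginAndInspect(false);            // old session is not removed
$after  = loginAndInspect(true);             // parameter set to true, as in the fix
var_dump($before, $after);
```

In both runs the session id changes; the difference to look for is whether the pre-login row is still present in the store, since a row that survives keeps the old id usable until garbage collection removes it.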