Piwigo Bugtracker

View Issue Details

ID: 0001760
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2010.07.04 00:12
Last Update: 2010.07.05 21:36
Reporter: nikrou
Assigned To: nikrou
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform / OS / OS Version: not specified
Product Version: 2.1.2
Target Version: 2.1.3
Fixed in Version: 2.1.3
Summary: 0001760: Avoid session fixation
Description: To avoid session fixation we use the session_regenerate_id() function. But the old session id is kept and the database is full of old ones! :-)

The fix is quite simple: use the param of that function and set it to true.
Tags: No tags attached.
browser: any
Database engine and version: not specified
PHP version: not specified
Web server: Apache 1.3.x
Attached Files: none

- Relationships

- Notes
(0004025)
svn (reporter)
2010.07.05 21:34

[Subversion] r6660 by nikrou on trunk

-----[Subversion commit log]----------------------------------------------------
Bug 1760 fixed : Avoid session fixation
After connection, the session id is changed using session_regenerate_id,
but without removing the old session. Passing param true does the job.
(0004026)
svn (reporter)
2010.07.05 21:35

[Subversion] r6661 by nikrou on branch 2.1

-----[Subversion commit log]----------------------------------------------------
Bug 1760 fixed : Avoid session fixation
After connection, the session id is changed using session_regenerate_id,
but without removing the old session. Passing param true does the job.

Merge from trunk
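
The description and both commit notes state the fix in one line: call session_regenerate_id(true) so that PHP destroys the old session record instead of leaving it behind. The PHP below is an added example, not Piwigo's own code, showing why the flag matters when sessions live in a database: a handler implementing SessionHandlerInterface, the login step with the 2.1.2 and 2.1.3 calls side by side, and a small command-line run that checks whether the pre-login id is still stored afterwards. The `sessions` table and its columns, the `DbSessionHandler` class, `on_successful_login()`, `old_id_survives_login()` and the `liveIds()` helper are all illustrative assumptions, not Piwigo's schema or API; the script assumes PHP 8 with the PDO SQLite driver.

```php
<?php
// Added example, not Piwigo's code. A database-backed PHP session handler
// and the login step, showing the difference between session_regenerate_id()
// (the 2.1.2 call) and session_regenerate_id(true) (the 2.1.3 fix).
// Assumptions: PHP 8 with PDO SQLite; the `sessions` table and every
// identifier below are illustrative, not Piwigo's schema or API.
declare(strict_types=1);

final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS sessions (
            id TEXT PRIMARY KEY, data TEXT NOT NULL, expires INTEGER NOT NULL)');
    }

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $st = $this->db->prepare('SELECT data FROM sessions WHERE id = ? AND expires > ?');
        $st->execute([$id, time()]);
        $data = $st->fetchColumn();
        return $data === false ? '' : (string) $data;   // '' tells PHP "no such session"
    }

    public function write(string $id, string $data): bool
    {
        $ttl = (int) ini_get('session.gc_maxlifetime');
        $st = $this->db->prepare('REPLACE INTO sessions (id, data, expires) VALUES (?, ?, ?)');
        return $st->execute([$id, $data, time() + $ttl]);
    }

    // PHP calls this for session_destroy() and for session_regenerate_id(true).
    // A bare session_regenerate_id() never reaches it, so the old row survives.
    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    // Only reclaims expired rows, and only when PHP's probabilistic GC fires;
    // it is not a substitute for destroying the old id at login.
    public function gc(int $max_lifetime): int|false
    {
        $st = $this->db->prepare('DELETE FROM sessions WHERE expires <= ?');
        $st->execute([time()]);
        return $st->rowCount();
    }

    // Demo helper (not part of the handler contract): ids currently stored.
    public function liveIds(): array
    {
        return $this->db->query('SELECT id FROM sessions ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
    }
}

// The privilege change after a successful login. Returns the id that was
// in use before the change so the caller can check whether it survived.
function on_successful_login(string $username, bool $delete_old_session): string
{
    $old = session_id();
    // 2.1.2: session_regenerate_id();      old id keeps resolving to a session
    // 2.1.3: session_regenerate_id(true);  old id is destroyed, then a new one issued
    session_regenerate_id($delete_old_session);
    $_SESSION['user'] = $username;
    $_SESSION['login_time'] = time();
    return $old;
}

// One simulated visit: a pre-login request that persists a row, then the
// login request. Returns true if the pre-login id is still stored afterwards.
function old_id_survives_login(DbSessionHandler $handler, bool $delete_old_session): bool
{
    session_start();
    $_SESSION['landed_on'] = 'index.php';
    session_write_close();   // first request ends: row written under the pre-login id
    session_start();         // login request resumes that same id
    $old = on_successful_login('alice', $delete_old_session);
    session_write_close();
    return in_array($old, $handler->liveIds(), true);
}

if (PHP_SAPI === 'cli') {
    $handler = new DbSessionHandler(new PDO('sqlite::memory:'));
    session_set_save_handler($handler, true);
    ini_set('session.use_cookies', '0');   // no Set-Cookie header in the CLI demo
    printf("session_regenerate_id():     pre-login id kept = %s\n",
        old_id_survives_login($handler, false) ? 'yes' : 'no');
    printf("session_regenerate_id(true): pre-login id kept = %s\n",
        old_id_survives_login($handler, true) ? 'yes' : 'no');
}
```

Run it with `php` from the command line. In the first scenario the pre-login id stays in the table because PHP (7.1 and later) writes the current data back under the old id before switching, and nothing ever deletes that row; an id an attacker had planted before the login therefore still resolves to a session. In the second scenario PHP calls the handler's destroy() on the old id first, which is the whole effect of passing true. Rows accumulated by an installation that ran the bare call are only reclaimed by gc(), and only when the probabilistic garbage collection configured by session.gc_probability and session.gc_divisor happens to run, so a table already full of stale ids needs a one-off cleanup on top of the fix.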

- Issue History
Date Modified     Username  Field             Change
2010.07.04 00:12  nikrou    New Issue
2010.07.04 00:12  nikrou    browser           => any
2010.07.04 00:12  nikrou    Web server        => Apache 1.3.x
2010.07.05 09:56  nikrou    Status            new => assigned
2010.07.05 09:56  nikrou    Assigned To       => nikrou
2010.07.05 21:34  svn       Checkin
2010.07.05 21:34  svn       Note Added: 0004025
2010.07.05 21:35  svn       Checkin
2010.07.05 21:35  svn       Note Added: 0004026
2010.07.05 21:36  nikrou    Status            assigned => closed
2010.07.05 21:36  nikrou    Resolution        open => fixed
2010.07.05 21:36  nikrou    Fixed in Version  => 2.1.3

