In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Advanced Details Jump to Notes ] Wiki ] View Simple ] Issue History ] Print ]
ID Category Type Reproducibility Date Submitted Last Update
0000930 [In-Portal CMS] Data Management task always 2010-11-19 06:14 2011-03-30 09:53
Reporter alex View Status public Project Name In-Portal CMS
Assigned To alex Developer
Priority normal Resolution fixed Platform
Status closed   OS
  OS Version
ETA none Fixed in Version 5.1.2-B1 Product Version 5.1.1-RC1
  Target Version 5.1.2 Product Build
Time EstimateNo estimate
Summary 0000930: Don't create session in admin console, until admin has logged-in
Description On Front-end In-Portal don't create empty session (records in UserSession and SessionData tables) until there is need to write something into it (e.g. user_id of logged-in user).

Why we don't have same type protection against too much unused sessions being created in admin console too.

For example I don't have ability to enable cookies and I'm just refreshing admin console login screen. New session will be created each time I do so.

Also, when I need to ask something from admin console via CURL request, then also session is created.
Steps To Reproduce
Additional Information
Tags No tags attached.
Reference http://groups.google.com/group/in-portal-dev/browse_thread/thread/ba0ead02b4036ada
Change Log Message Removed initial session creation in Admin Console
Estimate Points 0
Attached Files patch file icon dont_create_admin_session_when_not_logged_in.patch [^] (5,732 bytes) 2010-11-19 06:14 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
parent of 0000573closed (5.1.2) Session Expiration Message for Non-Logged-in users in Admin 

-  Notes
User avatar (0002980)
alex (manager)
2010-11-19 06:15

Also fixed:

* DELETE database queries were issued on SessionData table, while there was no session created at that time
* Session was created, even while checking, that user is able to login in DryMode (no login is made) via "UserHelper::loginUser" method.
User avatar (0002988)
Dmitry (manager)
2010-11-21 15:50

Reviewed and tested.
User avatar (0003185)
alex (manager)
2011-01-09 08:51

Fix committed to 5.1.x branch. Commit Message:

Fixes 0000930: Don't create session in admin console, until admin has logged-in
User avatar (0003346)
Dmitry (manager)
2011-03-30 09:53

Closing, since 5.1.2 release has been released.

- Related Changesets
In-Portal CMS: 5.1.x r14135
Timestamp: 2011-01-09 08:51:45
Author: alex
Details ] Diff ]
Fixes 0000930: Don't create session in admin console, until admin has logged-in
mod - /in-portal/branches/5.1.x/core/kernel/db/dbitem.php Diff ] File ]
mod - /in-portal/branches/5.1.x/core/kernel/session/inp_session.php Diff ] File ]
mod - /in-portal/branches/5.1.x/core/kernel/session/session.php Diff ] File ]
mod - /in-portal/branches/5.1.x/core/units/helpers/user_helper.php Diff ] File ]
mod - /in-portal/branches/5.1.x/core/units/user_groups/user_groups_eh.php Diff ] File ]

- Issue History
Date Modified Username Field Change
2011-03-30 09:53 Dmitry Note Added: 0003346
2011-03-30 09:53 Dmitry Status resolved => closed
2011-01-09 08:51 alex Note Added: 0003185
2011-01-09 08:51 alex Status reviewed and tested => resolved
2011-01-09 08:51 alex Fixed in Version => 5.1.2-B1
2011-01-09 08:51 alex Resolution open => fixed
2011-01-09 08:51 alex Assigned To !COMMUNITY => alex
2011-01-09 08:51 alex Changeset attached 5.1.x r14135
2010-12-06 12:55 alex Relationship added parent of 0000573
2010-11-21 15:50 Dmitry Note Added: 0002988
2010-11-21 15:50 Dmitry Status needs testing => reviewed and tested
2010-11-19 06:15 alex Note Added: 0002980
2010-11-19 06:15 alex Assigned To => !COMMUNITY
2010-11-19 06:15 alex Developer => alex
2010-11-19 06:15 alex Status active => needs testing
2010-11-19 06:14 alex New Issue
2010-11-19 06:14 alex File Added: dont_create_admin_session_when_not_logged_in.patch
2010-11-19 06:14 alex Reference => http://groups.google.com/group/in-portal-dev/browse_thread/thread/ba0ead02b4036ada
2010-11-19 06:14 alex Change Log Message => Removed initial session creation in Admin Console



Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker