In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details Jump to Notes ] Wiki ] View Advanced ] Issue History ] Print ]
ID Category Type Reproducibility Date Submitted Last Update
0000423 [In-Portal CMS] Permissions bug report always 2009-11-10 08:05 2010-01-11 22:05
Reporter alex View Status public Project Name In-Portal CMS
Assigned To alex Developer
Priority critical Resolution fixed Fixed in Version 5.0.2-B1
Status closed Product Version 5.0.2-B1 Target Version 5.0.2
Time EstimateNo estimate
Summary 0000423: Session expiration doesn't happen at all
Description Session expiration doesn't happen after patch from 0000359 (Two different urls will lead to same physical template on Front-End) was applied. It made "expired" parameter (set in u:OnSessionExpire event) passed to index.tpl and not available on "login.tpl", where it's used.

Besides, when I try to force admin session expiration by decrementing UserSession.LastAccessed field value I've got fatal error about non-unique record being inserted into UserSession table and not nice redirect to login screen. This happens in debug mode. When in non-debug mode, then maybe this error will be ignored and redirect will be made.

No info about Front-End. Maybe we have same story there.
Additional Information
Tags No tags attached.
Reference
Change Log Message
Estimate Points 0
Attached Files patch file icon session_expiration_fix.patch [^] (4,902 bytes) 2009-11-11 13:08 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
User avatar (0001080)
Dmitry (manager)
2009-11-11 02:10

This is critical - we need to address this
User avatar (0001084)
alex (manager)
2009-11-11 13:11

Done.

Need to test expiration in all three session modes: auto, get only, cookies only.
Expiration should happen when:
1. session is removed from db
2. session LastAccessed value + Expiration time is smaller then now

Note:
Session expiration will not happen when "get only" mode is used and session record is deleted from db, because for "get only" mode sid is added in url in any case and there is no way to know if it's really needed there.
User avatar (0001085)
alex (manager)
2009-11-11 13:11

Fix committed to 5.0.x branch. Commit Message:

Fixes 0000423: Session expiration doesn't happen at all
User avatar (0001086)
alex (manager)
2009-11-11 13:11

Reminder sent to: Dmitry

Test.
User avatar (0001330)
Dmitry (manager)
2010-01-11 22:05

Closing completed tasks.

- Related Changesets
In-Portal CMS: 5.0.x r12898
Timestamp: 2009-11-11 13:11:30
Author: alex
Details ] Diff ]
Fixes 0000423: Session expiration doesn't happen at all
mod - /in-portal/branches/5.0.x/core/kernel/db/db_event_handler.php Diff ] File ]
mod - /in-portal/branches/5.0.x/core/kernel/processors/main_processor.php Diff ] File ]
mod - /in-portal/branches/5.0.x/core/kernel/session/session.php Diff ] File ]
mod - /in-portal/branches/5.0.x/core/units/helpers/permissions_helper.php Diff ] File ]

- Issue History
Date Modified Username Field Change
2010-01-11 22:05 Dmitry Note Added: 0001330
2010-01-11 22:05 Dmitry Status resolved => closed
2009-11-11 13:11 alex Issue Monitored: Dmitry
2009-11-11 13:11 alex Note Added: 0001086
2009-11-11 13:11 alex Note Added: 0001085
2009-11-11 13:11 alex Status needs testing => resolved
2009-11-11 13:11 alex Fixed in Version => 5.0.2-B1
2009-11-11 13:11 alex Resolution open => fixed
2009-11-11 13:11 alex Assigned To !COMMUNITY => alex
2009-11-11 13:11 alex Changeset attached 5.0.x r12898
2009-11-11 13:11 alex Note Added: 0001084
2009-11-11 13:11 alex Assigned To alex => !COMMUNITY
2009-11-11 13:11 alex Status needs work => needs testing
2009-11-11 13:08 alex File Added: session_expiration_fix.patch
2009-11-11 02:10 Dmitry Note Added: 0001080
2009-11-11 02:10 Dmitry Assigned To => alex
2009-11-11 02:10 Dmitry Priority normal => critical
2009-11-11 02:10 Dmitry Status active => needs work
2009-11-10 08:05 alex Target Version => 5.0.2
2009-11-10 08:05 alex New Issue



Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker