|
In-Portal Issue Tracker - In-Portal CMS
|
|
Viewing Issue Advanced Details |
|
|
ID:
|
Category:
|
Type:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
|
423 |
[In-Portal CMS] Permissions |
bug report |
always |
2009-11-10 08:05 |
2010-01-11 22:05 |
|
|
Reporter:
|
alex |
Platform:
|
|
|
|
Assigned To:
|
alex |
OS:
|
|
|
|
Priority:
|
critical |
OS Version:
|
|
|
|
Status:
|
closed |
Product Version:
|
5.0.2-B1 |
|
|
Product Build:
|
|
Resolution:
|
fixed |
|
| |
|
ETA:
|
none |
Fixed in Version:
|
5.0.2-B1 |
|
|
Reference:
|
|
|
Change Log Message:
|
|
|
Estimate Points:
|
0 |
|
|
Summary:
|
0000423: Session expiration doesn't happen at all |
|
Description:
|
Session expiration doesn't happen after patch from 0000359 (Two different urls will lead to same physical template on Front-End) was applied. It made "expired" parameter (set in u:OnSessionExpire event) passed to index.tpl and not available on "login.tpl", where it's used.
Besides, when I try to force admin session expiration by decrementing UserSession.LastAccessed field value I've got fatal error about non-unique record being inserted into UserSession table and not nice redirect to login screen. This happens in debug mode. When in non-debug mode, then maybe this error will be ignored and redirect will be made.
No info about Front-End. Maybe we have same story there. |
|
Steps To Reproduce:
|
|
|
Additional Information:
|
|
| Relationships | |
|
Attached Files:
|
 session_expiration_fix.patch (4,902) 2009-11-11 13:08
http://tracker.in-portal.org/file_download.php?file_id=142&type=bug |
|
|
Issue History |
|
Date Modified |
Username |
Field |
Change |
|
2010-01-11 22:05 |
Dmitry |
Note Added: 0001330 |
|
|
2010-01-11 22:05 |
Dmitry |
Status |
resolved => closed |
|
2009-11-11 13:11 |
alex |
Issue Monitored: Dmitry |
|
|
2009-11-11 13:11 |
alex |
Note Added: 0001086 |
|
|
2009-11-11 13:11 |
alex |
Note Added: 0001085 |
|
|
2009-11-11 13:11 |
alex |
Status |
needs testing => resolved |
|
2009-11-11 13:11 |
alex |
Fixed in Version |
=> 5.0.2-B1 |
|
2009-11-11 13:11 |
alex |
Resolution |
open => fixed |
|
2009-11-11 13:11 |
alex |
Assigned To |
!COMMUNITY => alex |
|
2009-11-11 13:11 |
alex |
Changeset attached |
5.0.x r12898 |
|
2009-11-11 13:11 |
alex |
Note Added: 0001084 |
|
|
2009-11-11 13:11 |
alex |
Assigned To |
alex => !COMMUNITY |
|
2009-11-11 13:11 |
alex |
Status |
needs work => needs testing |
|
2009-11-11 13:08 |
alex |
File Added: session_expiration_fix.patch |
|
|
2009-11-11 02:10 |
Dmitry |
Note Added: 0001080 |
|
|
2009-11-11 02:10 |
Dmitry |
Assigned To |
=> alex |
|
2009-11-11 02:10 |
Dmitry |
Priority |
normal => critical |
|
2009-11-11 02:10 |
Dmitry |
Status |
active => needs work |
|
2009-11-10 08:05 |
alex |
Target Version |
=> 5.0.2 |
|
2009-11-10 08:05 |
alex |
New Issue |
|
|
Notes |
|
|
(0001080)
|
|
Dmitry
|
|
2009-11-11 02:10
|
|
|
This is critical - we need to address this |
|
|
|
(0001084)
|
|
alex
|
|
2009-11-11 13:11
|
|
Done.
Need to test expiration in all three session modes: auto, get only, cookies only.
Expiration should happen when:
1. session is removed from db
2. session LastAccessed value + Expiration time is smaller then now
Note:
Session expiration will not happen when "get only" mode is used and session record is deleted from db, because for "get only" mode sid is added in url in any case and there is no way to know if it's really needed there.
|
|
|
|
(0001085)
|
|
alex
|
|
2009-11-11 13:11
|
|
Fix committed to 5.0.x branch. Commit Message:
Fixes 0000423: Session expiration doesn't happen at all |
|
|
|
(0001086)
|
|
alex
|
|
2009-11-11 13:11
|
|
|
Reminder sent to: Dmitry
Test. |
|
|
|
(0001330)
|
|
Dmitry
|
|
2010-01-11 22:05
|
|
|