Fork me on GitHub

You are not logged in. Please login or register.

Development

Download

Tickets

Milestones

Subscribe 3

Ticket #240 (fixed bug)

FluxBB 1.2.23: Authentication cookie sometimes set incorrectly

Created: 2011-01-12 19:04:55
Reported by: dairiki
Assigned to: Franz

Milestone: 1.2.24
Component: authentication
Priority: normal

Release 1.2.23 of fluxbb changed the auth cookie parsing code. Now, for the cookie to be recognized, the user_id must be serialized as a string (not an integer.) This isn't always happening. (E.g. if o_reg_verify is off, when cookie is set after successful new registration in register.php.)

A patch will be attached to this ticket shortly.

History

dairiki 2011-01-12 19:06:09

Uploaded patch fluxbb-1.2.23_setcookie.patch. (view)

Reines 2011-01-13 12:23:56

Milestone set to 1.4.3.
Owner set to Reines.
Status changed from open to duplicate.

Hey. Thanks for the ticket/patch. This has already been fixed actually and will be included in 1.4.3.

Franz 2011-01-13 12:39:48

Isn't this about the 1.2.* branch?

Reines 2011-01-13 12:41:13

Status changed from duplicate to open.

Ah sorry you're right, I totally glossed over the version number there.

Reines 2011-01-13 12:41:34

Milestone 1.4.3 removed.

Franz 2011-01-13 12:43:00

That brings up the question of supporting the 1.2.* branch, though.

Reines 2011-01-13 12:44:36

Well this is a bug we introduced when fixing a security bug so we probably are obliged to fix it.

Franz 2011-01-13 12:47:07

Milestone set to 1.2.24.

Franz 2011-03-09 15:49:19

Commit f233870 to fluxbb fluxbb-1.2

#240: Fix authentication cookie being set incorrectly in some cases.

This is the v1.2.* version of #177.
Reported by dairiki.

Franz 2011-03-09 15:49:54

Owner changed from Reines to Franz.
Status changed from open to fixed.

I fixed this in f233870.

We can just release v1.2.24 when we release v1.4.5, right?

Franz 2011-06-06 20:38:00

Component changed from security to authentication.