Fork me on GitHub
Subscribe 3

Ticket #240 (fixed bug)

FluxBB 1.2.23: Authentication cookie sometimes set incorrectly

  • Created: 2011-01-12 19:04:55
  • Reported by: dairiki
  • Assigned to: Franz
  • Milestone: 1.2.24
  • Component: authentication
  • Priority: normal

Release 1.2.23 of fluxbb changed the auth cookie parsing code.  Now, for the cookie to be recognized, the user_id must be serialized as a string (not an integer.)  This isn't always happening.  (E.g. if o_reg_verify is off, when cookie is set after successful new registration in register.php.)

A patch will be attached to this ticket shortly.


dairiki 2011-01-12 19:06:09

  • Uploaded patch fluxbb-1.2.23_setcookie.patch. (view)

Reines 2011-01-13 12:23:56

  • Milestone set to 1.4.3.
  • Owner set to Reines.
  • Status changed from open to duplicate.

Hey. Thanks for the ticket/patch. This has already been fixed actually and will be included in 1.4.3.

Franz 2011-01-13 12:39:48

Isn't this about the 1.2.* branch?

Reines 2011-01-13 12:41:13

  • Status changed from duplicate to open.

Ah sorry you're right, I totally glossed over the version number there.

Reines 2011-01-13 12:41:34

  • Milestone 1.4.3 removed.

Franz 2011-01-13 12:43:00

That brings up the question of supporting the 1.2.* branch, though.

Reines 2011-01-13 12:44:36

Well this is a bug we introduced when fixing a security bug so we probably are obliged to fix it.

Franz 2011-01-13 12:47:07

  • Milestone set to 1.2.24.

Franz 2011-03-09 15:49:19

Commit f233870 to fluxbb fluxbb-1.2

#240: Fix authentication cookie being set incorrectly in some cases.

This is the v1.2.* version of #177.
Reported by dairiki.

Franz 2011-03-09 15:49:54

  • Owner changed from Reines to Franz.
  • Status changed from open to fixed.

I fixed this in f233870.

We can just release v1.2.24 when we release v1.4.5, right?

Franz 2011-06-06 20:38:00

  • Component changed from security to authentication.