Ticket #240 (fixed bug)
FluxBB 1.2.23: Authentication cookie sometimes set incorrectly
- Created: 2011-01-12 19:04:55
- Reported by: dairiki
- Assigned to: Franz
- Milestone: 1.2.24
- Component: authentication
- Priority: normal
Release 1.2.23 of fluxbb changed the auth cookie parsing code. Now, for the cookie to be recognized, the user_id must be serialized as a string (not an integer.) This isn't always happening. (E.g. if o_reg_verify is off, when cookie is set after successful new registration in register.php.)
A patch will be attached to this ticket shortly.
Reines 2011-01-13 12:23:56
- Milestone set to 1.4.3.
- Owner set to Reines.
- Status changed from open to duplicate.
Hey. Thanks for the ticket/patch. This has already been fixed actually and will be included in 1.4.3.
Franz 2011-01-13 12:39:48
Isn't this about the 1.2.* branch?
Reines 2011-01-13 12:41:13
- Status changed from duplicate to open.
Ah sorry you're right, I totally glossed over the version number there.
Reines 2011-01-13 12:41:34
- Milestone 1.4.3 removed.
Franz 2011-01-13 12:43:00
That brings up the question of supporting the 1.2.* branch, though.
Reines 2011-01-13 12:44:36
Well this is a bug we introduced when fixing a security bug so we probably are obliged to fix it.
Franz 2011-01-13 12:47:07
- Milestone set to 1.2.24.
Franz 2011-03-09 15:49:54
- Owner changed from Reines to Franz.
- Status changed from open to fixed.
I fixed this in f233870.
We can just release v1.2.24 when we release v1.4.5, right?
Franz 2011-06-06 20:38:00
- Component changed from security to authentication.