ID: 0015547
Project: phplist application
Category: Security
View Status: public
Date Submitted: 08-10-10 00:51
Last Update: 01-11-12 17:50
Priority: normal
Severity: minor
Reproducibility: have not tried
Platform:
OS:
OS Version:
Product Version: 2.10.12
Target Version: 4.0.x
Fixed in Version: 2.11.8
Summary: 0015547: Setting secure cookies to true with phpList in subdomain causes session problem.
Description: schkovich reported this issue and provides attached patch, presumably for v2.10.12 (needs to be checked):
==== Start Quote ====
Having set use secure cookies to true and phpList in subdomain caused the problem.

It would be better to create a class that will handle sessions (not only starting and destroying but getters and setters, timers, security, etc) but since phpList is far, far away from OOP perhaps at least a single function that will handle starting sessions should be created. Unfortunately I did not have time to figure out where such function should be placed therefore several files need to be patched.
==== End Quote ====
Tags: No tags attached.
Attached Files: secure_sessions_patch.diff (6,621 bytes) 08-10-10 00:51

Relationships
child of 0010998 (new): Enhance security

Notes
h2b2 (manager)
09-10-10 04:20

Patch was confirmed to apply to v2.10.12
michiel (manager)
01-11-12 17:50

can't see any "secure cookies" in the patch, but looks like session_name(md5("phplist")) is the main change.
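
One way to write the single session-starting function the reporter suggests, added here as an example; it is not code from secure_sessions_patch.diff or from phpList. The name `start_app_session` and its `$useSecureCookies` parameter are hypothetical, and only `session_name(md5("phplist"))` comes from the note above.

```php
<?php
// Added example: hypothetical helper, not taken from secure_sessions_patch.diff.
// $useSecureCookies stands in for the "use secure cookies" setting in the issue.
function start_app_session(bool $useSecureCookies): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;                 // already started by an earlier include
    }
    if (headers_sent()) {
        return false;                // too late to emit a Set-Cookie header
    }

    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if ($useSecureCookies && !$isHttps) {
        // A Secure cookie is never sent back over plain HTTP, so every
        // request would get a fresh, empty session. Report failure instead.
        return false;
    }

    // Application-specific cookie name, as in the note above.
    // session_name() must be called before session_start().
    session_name(md5('phplist'));

    // Array form needs PHP >= 7.3. No 'domain' key is set, so the cookie
    // stays host-only, bound to the subdomain that issued it.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => $useSecureCookies,
        'httponly' => true,
    ]);

    return session_start();
}

// Every entry point calls the helper instead of session_start() directly.
if (PHP_SAPI !== 'cli' && !start_app_session(true)) {
    http_response_code(500);
    exit('Session could not be started');
}
```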

