NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1
|Anonymous | Login | Signup for a new account||23-06-17 04:35 BST|
|My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0015547||phplist application||Security||public||08-10-10 00:51||01-11-12 17:50|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||4.0.x||Fixed in Version||2.11.8|
|Summary||0015547: Setting secure cookies to true with phpList in subdomain causes session problem.|
|Description||schkovich reported this issue and provides attached patch, presumbably for v2.10.12 (needs to be checked):|
==== Start Quote ====
Having set use secure cookies to true and phpList in subdomain caused the problem.
It would be better to create a class that will handle sessions (not only starting and destroying but getters and setters, timers, secuirty, etc) but since phpList is far, far away from OOP perhaps at list a single function that will handle starting sessions should be created. Unfortunately I did not have time to figure out where such function should be placed therefore several files need to be patched.
==== End Quote ====
ref: http://forums.phplist.com/viewtopic.php?p=79355#p79355 [^]
|Tags||No tags attached.|
|Attached Files||secure_sessions_patch.diff [^] (6,621 bytes) 08-10-10 00:51 [Show Content]|
|Patch was confirmed to apply to v2.10.12|
can't see any "secure cookies" in the patch, but looks like session_name(md5("phplist")) is the main change.
|Copyright © 2000 - 2017 MantisBT Team|