|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002239||TestLink||General||public||2009-03-17 14:51||2009-04-20 04:38|
|Product Version||1.8 RC 5|
|Fixed in Version|
|Summary||0002239: Sessions handled incorrectly|
|Description||The session IDs are handled incorrectly, which is why this is a major security issue.|
Steps to Reproduce:
1. Log in to TestLink using Firefox
2. Open a new tab
3. Login with a different user name
4. Press F5
In the second tab TestLink will refresh itself, but the first tab's user's page is viewable. Maybe because it is using the same session ID.
After the refresh I am just refreshing, not changing the user as in the example.
The session ID handling is totally wrong. Same problem if I log in to TestLink, then close the browser and reopen it, select the history and reselect the TestLink page: still logged in with the same session ID. It should give a different session ID.
|Tags||No tags attached.|
|QA Team - Task Workflow Status|
This cannot be solved due to the method used to manage sessions.
I have same problem when using Mantis.
If you have some hint, implemented solution that can help, please let us know.
Meanwhile you cannot use tabs with TL, I'm sorry.
You shouldn't have to store the session ID in the cookies.
When you launch a new tab or browser the session ID should be stored within that executed browser.
OK, but what we need is working code, not just the idea.
I've googled and found no simple solution.
|OK, I understand that, but sorry, I am not a developer. :)|
|We could look at how other projects take care of it. I acknowledge it. The idea is correct. We should consider whether we solve it or take it as an acceptable danger.|
|2009-03-17 14:51||ifezs001||New Issue|
|2009-03-17 14:51||ifezs001||Browser||=> Firefox|
|2009-03-17 14:51||ifezs001||PHP Version||=> 5|
|2009-03-17 18:40||fman||Note Added: 0005892|
|2009-03-17 18:40||fman||Status||new => feedback|
|2009-03-18 15:46||ifezs001||Note Added: 0005897|
|2009-03-19 01:27||fman||Note Added: 0005901|
|2009-03-25 16:25||ifezs001||Note Added: 0005984|
|2009-04-20 04:38||mhavlat||Note Added: 0006446|
|2009-04-20 04:38||mhavlat||Status||feedback => acknowledged|
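
An added example, not TestLink's code and not written by anyone in this thread: one common way a PHP application limits the behaviour reported above while still keeping the session ID in a cookie. It regenerates the ID at login, expires idle sessions on the server, and tags each login so a form rendered for an earlier login is rejected. The function names, session keys and the 900-second limit are assumptions, and the code targets PHP 7 or later.

```php
<?php
// Added example, not TestLink code. Function names, session keys and
// IDLE_LIMIT are hypothetical choices made for this illustration.
const IDLE_LIMIT = 900; // assumed idle timeout, in seconds

function start_session()
{
    // Lifetime 0 makes this a browser-session cookie; the last argument sets
    // HttpOnly so page scripts cannot read the ID.
    session_set_cookie_params(0, '/', '', !empty($_SERVER['HTTPS']), true);
    session_start();

    // Server-side idle timeout: a cookie the browser restores together with
    // its tabs stops being accepted once the limit has passed.
    if (isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = array();          // drop the stale login
        session_regenerate_id(true);  // retire the old ID and its stored data
    }
    $_SESSION['last_seen'] = time();
}

function on_login_success($userId)
{
    // Every change of identity gets a fresh ID; true deletes the old session.
    session_regenerate_id(true);
    $_SESSION = array(
        'user_id'   => $userId,
        'last_seen' => time(),
        // Random value tied to this login, written into each rendered form.
        'login_tag' => bin2hex(random_bytes(16)),
    );
}

function page_matches_session($tagFromPage)
{
    // A form rendered for an earlier login carries an old tag and is refused,
    // so a stale tab cannot submit as whoever logged in last.
    return isset($_SESSION['login_tag'])
        && is_string($tagFromPage)
        && hash_equals($_SESSION['login_tag'], $tagFromPage);
}

function on_logout()
{
    $_SESSION = array();
    session_destroy();
}
```

All tabs of one browser still share the cookie, so a plain refresh is served as the most recent login; the tag check only stops a stale tab from submitting a form under that identity.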