testlink.org
| Anonymous | Login | Signup for a new account | 2018-12-19 14:42 UTC |  |
| Main | My View | View Issues | Change Log | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0005317 | TestLink | 0 - User too Lazy to analize defined categories | public | 2012-10-31 02:29 | 2015-05-01 07:45 | ||||
| Reporter | sinohzxu | ||||||||
| Assigned To | fman | ||||||||
| Priority | low | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 1.9.4 (2012 Q3 - bug fixing) | ||||||||
| Fixed in Version | 1.9.13 (2015 #1) | ||||||||
| Summary | 0005317: must login twice and logout before login. | ||||||||
| Description | after upgrade 1.9.4,when session timed out or forget logout,we must logout first and login again . it will display "Invalid security token" after first login. Is it possible to be the same with 1.9.3? Don't need to login twice... | ||||||||
| Steps To Reproduce | 1. login succesfully. 2. close the page without logout. 3. open login page 4. login 5. after showing "Invalid security token",login again. | ||||||||
| Tags | No tags attached. | ||||||||
| Database (MySQL,Postgres,etc) | mysql | ||||||||
| Browser | |||||||||
| PHP Version | |||||||||
| TestCaseID | |||||||||
| QA Team - Task Workflow Status | TBD | ||||||||
| Attached Files | |||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0017758) fman (administrator) 2012-10-31 06:04 |
Reminder sent to: kinow can you give a look or provide advice |
|
(0017760) kinow (reporter) 2012-10-31 12:30 |
Sure, I knew about this issue, and wanted to fix it before the next release :o) thanks. |
|
(0017812) sinohzxu (reporter) 2012-11-13 08:48 |
So when will be the next release?is it testlink2.0? Look forward:) |
|
(0017813) kinow (reporter) 2012-11-13 09:16 |
Hi @sinohzxu, I believe it's still not 2.0, but the next version should be released within the next weeks ;-) I have a patch, that changes the way TestLink protects users against CSRF. I have to commit this patch and test for a while. The CSRF protection is the responsible for having you logging in twice. I'm wondering if you would like to help me testing this patch :-) |
|
(0017818) sinohzxu (reporter) 2012-11-14 06:46 |
Waaa, Next version is coming out? happy to hear that. Actually I have been developing 1.9.4 for other requirements, and each time patch comes out ,i would like very much to integrate my version with patches. where could I get the patch? I 'd like to test it:) |
|
(0017822) kinow (reporter) 2012-11-15 00:31 |
>Actually I have been developing 1.9.4 for other requirements, and each time patch comes out ,i would like very much to integrate my version with patches. where could I get the patch? I 'd like to test it:) Yay! I'll post it here, or if it's too many files, I'll send you the link from gitorious. Thanks much |
|
(0017834) kinow (reporter) 2012-11-17 05:29 |
Hi sinohzxu! here it goes: https://gitorious.org/testlink-ga/testlink-code/archive-tarball/testlink_1_9 [^] Grab the latest tarball from Gitorious (you may be asked to create an account on Gitorious, not sure), install in a test database, and try reproducing the error. Then, check config.inc.php. There's a new entry there. Make sure that it's set to true, as demonstrated following. $tlCfg->csrf_filter_enabled = TRUE; Then test if you can reproduce the error. This error is being caused by a bogus CSRF (bad security breach) verification. In this tarball, we'd replaced this verification by another one from OWASP. It acts as a global filter, but you have to turn this filter on, using this flag. Let me know if that works. Thanks! |
|
(0017861) sinohzxu (reporter) 2012-11-21 06:59 edited on: 2012-11-21 07:01 |
Sorry kinow, How to get the changelog of the code when you try to fix the issue? like http://gitorious.org/testlink-ga/testlink-code/commit/213d524519e27ef94fcde1b66918feefcbf47404 [^] It will be more convienient for us to test the code on our server since the code and db is different. |
|
(0017862) kinow (reporter) 2012-11-21 09:27 |
Hi sinohzxu, There links to the commits can be found here http://mantis.testlink.org/view.php?id=4977, [^] in my last comment :) Cheers |
|
(0023221) Mr.Bricodage (updater) 2015-04-26 16:57 |
linked with 0004977 that is Fixed in Version 1.9.7 (2013 Q2 - bug fixing) |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-10-31 02:29 | sinohzxu | New Issue | |
| 2012-10-31 06:04 | fman | Note Added: 0017758 | |
| 2012-10-31 06:05 | fman | Category | 0 - Undefined => 0 - User too Lazy to analize defined categories |
| 2012-10-31 12:30 | kinow | Note Added: 0017760 | |
| 2012-10-31 12:44 | kinow | Assigned To | => kinow |
| 2012-10-31 12:44 | kinow | Status | new => work in progress |
| 2012-11-01 22:17 | kinow | Relationship added | child of 0004977 |
| 2012-11-13 08:48 | sinohzxu | Note Added: 0017812 | |
| 2012-11-13 09:16 | kinow | Note Added: 0017813 | |
| 2012-11-14 06:46 | sinohzxu | Note Added: 0017818 | |
| 2012-11-15 00:31 | kinow | Note Added: 0017822 | |
| 2012-11-17 05:29 | kinow | Note Added: 0017834 | |
| 2012-11-21 06:59 | sinohzxu | Note Added: 0017861 | |
| 2012-11-21 07:01 | sinohzxu | Note Edited: 0017861 | View Revisions |
| 2012-11-21 09:27 | kinow | Note Added: 0017862 | |
| 2015-04-26 16:57 | Mr.Bricodage | Note Added: 0023221 | |
| 2015-04-26 16:57 | Mr.Bricodage | Relationship added | child of 0007083 |
| 2015-05-01 07:45 | fman | Assigned To | kinow => fman |
| 2015-05-01 07:45 | fman | Status | work in progress => new |
| 2015-05-01 07:45 | fman | Status | new => closed |
| 2015-05-01 07:45 | fman | Resolution | open => fixed |
| 2015-05-01 07:45 | fman | Fixed in Version | => 1.9.13 (2015 #1) |
| 2015-05-03 15:25 | Mr.Bricodage | Relationship deleted | child of 0007083 |
|
Issue History |
| Copyright © 2000 - 2018 MantisBT Team |
 |