Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 3.0.11-RC1
Affects Version/s: 3.0.10
Component/s: ACP, Authentication, Login, Sessions
Labels:
None

Fix URL:
https://github.com/phpbb/phpbb3/pull/826

Since this could be triggered by accident or even intentionally by a third party through e.g. an [img] tag in a post, it's rather annoying for an admin that he gets logged out when going to any URL under adm/ without a session id.

Instead such URLs should simply return a 401 Not Authorized header and redirect to the board index.

caused

PHPBB-11196 /includes/session.php sends 401 HTTP status with "Not authorized" instead of "Unauthorized"

Closed

is related to

PHPBB-9156 Direct link to ACP login allowed

Closed

Assignee:: Nils Adermann

Reporter:: Nils Adermann

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 29/May/12 1:53 PM

Updated:: 12/Feb/13 9:53 PM

Resolved:: 29/May/12 3:08 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates