phpBB3

session redirect for Bot user is executed for usual user

Details

  • Type: Bug Bug
  • Status: Unverified Fix Unverified Fix
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 3.0.8
  • Fix Version/s: 3.0.9-RC1
  • Component/s: Sessions
  • Labels:
    None
  • Environment:
     PHP 5.3.3, MySQL 5.0.4, Firefox 3.6

Description

Look in session.php, around line 626:

redirect(build_url(array('sid')));

This is executed once the usual user logs out

Is this correct?

Issue Links

blocks

Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9908 Send "Moved Permanently" before stripping off session ids for Bots.

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Unverified Fix - A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.
depends on

Sub-task - The sub-task of the issue PHPBB3-9732 Cover session code extensively in tests

  • Major - Major loss of function.
  • Unverified Fix - A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.
is duplicated by

Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9936 If the current user is ANONYMOUS one cannot log in

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.
was caused by solution of

Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9085 Spiders aren't recognised if they have a valid session id

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Unverified Fix - A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Andreas Fischer added a comment -

This is the phpBB bug tracker. Here you can report bugs you have found in the software. The bug tracker is not for support, i.e. not for questions. Do you have a problem with that particular statement? If that's the case please describe your problem instead of asking unhelpful questions such as "Is this correct?". Thanks.

Show
Andreas Fischer added a comment - This is the phpBB bug tracker. Here you can report bugs you have found in the software. The bug tracker is not for support, i.e. not for questions. Do you have a problem with that particular statement? If that's the case please describe your problem instead of asking unhelpful questions such as "Is this correct?". Thanks.
Hide
Permalink
Dionisiy added a comment -

Sorry, the bug is in incorrect behavior.
As stated in the code this redirection should be applied to bots only, but logout of registered user is also redirected to /ucp.php?mode=logout first.

This creates a problem for 3rd party phpBB integrations and creates additional page load per each logout.

The correct code is:

if (isset($_GET['sid']) && $bot)

{ redirect(build_url(array('sid'))); }
Show
Dionisiy added a comment - Sorry, the bug is in incorrect behavior. As stated in the code this redirection should be applied to bots only, but logout of registered user is also redirected to /ucp.php?mode=logout first. This creates a problem for 3rd party phpBB integrations and creates additional page load per each logout. The correct code is: if (isset($_GET ['sid'] ) && $bot) { redirect(build_url(array('sid'))); }
Hide
Permalink
Fish-Face added a comment -

(From PHPBB3-9936)

This also causes problems when logging in if an external auth module has unregistered users as the anonymous user. I can confirm that Dionisly's change fixes this issue too.

Show
Fish-Face added a comment - (From PHPBB3-9936) This also causes problems when logging in if an external auth module has unregistered users as the anonymous user. I can confirm that Dionisly's change fixes this issue too.
Hide
Permalink
Andreas Fischer added a comment -

Caused by https://github.com/phpbb/phpbb3/commit/d07e152ea7e820c5a0e47aeb8004fa0b5621a314

Show
Andreas Fischer added a comment - Caused by https://github.com/phpbb/phpbb3/commit/d07e152ea7e820c5a0e47aeb8004fa0b5621a314
Hide
Permalink
Nils Adermann added a comment -

Needs tests

Show
Nils Adermann added a comment - Needs tests
Hide
Permalink
Andreas Fischer added a comment -

Please merge now, add tests later.

Show
Andreas Fischer added a comment - Please merge now, add tests later.
Hide
Permalink
Oleg added a comment -

I tested this manually.

Test suite tests are... painful. Session reads $_GET and calls redirect().

Show
Oleg added a comment - I tested this manually. Test suite tests are... painful. Session reads $_GET and calls redirect().
Hide
Permalink
Oleg added a comment -

I rebased the commit to have it after the session tests were fixed.

Show
Oleg added a comment - I rebased the commit to have it after the session tests were fixed.

People

  • Assignee:
    Andreas Fischer
    Reporter:
    Dionisiy
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: