Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10913

Admin is logged out when accessing any url under adm/ without session id

    Details

      Description

      Since this could be triggered by accident or even intentionally by a third party through e.g. an [img] tag in a post, it's rather annoying for an admin that he gets logged out when going to any URL under adm/ without a session id.

      Instead such URLs should simply return a 401 Not Authorized header and redirect to the board index.

        Issue Links

          Activity

          Hide
          brunoais brunoais added a comment -

          Logged in, logged in into the ACP.
          Then went into a random page.
          Removed the sid part of the url.

          R: Was redirected to the index.php.

          Repeat all of the above 5 times and the R: (what was expected) happened.

          Verified

          Show
          brunoais brunoais added a comment - Logged in, logged in into the ACP. Then went into a random page. Removed the sid part of the url. R: Was redirected to the index.php. Repeat all of the above 5 times and the R: (what was expected) happened. Verified

            People

            • Assignee:
              naderman Nils Adermann
              Reporter:
              naderman Nils Adermann
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development