Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10913

Admin is logged out when accessing any url under adm/ without session id

    XMLWordPrintable

Details

    Description

      Since this could be triggered by accident or even intentionally by a third party through e.g. an [img] tag in a post, it's rather annoying for an admin that he gets logged out when going to any URL under adm/ without a session id.

      Instead such URLs should simply return a 401 Not Authorized header and redirect to the board index.

      Attachments

        Issue Links

          caused

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-11196 /includes/session.php sends 401 HTTP status with "Not authorized" instead of "Unauthorized"

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9156 Direct link to ACP login allowed

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              naderman Nils Adermann
              naderman Nils Adermann
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: