Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-13048

AJAX requests are being stored to session_page

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-RC3
    • Fix Version/s: 3.1.0-RC5
    • Component/s: Sessions
    • Labels:
      None

      Description

      When a user triggers any sort of AJAX related content, that AJAX url is being stored to the user's session_page field in the sessions table.

      That means a user who is viewing a forum, but clicked on an AJAX action, for example Delete all board cookies, then the delete all board cookies link gets stored to their session_page, and in view online the user will be reported as viewing the UCP, even though they are actually still on a forum page.

      This gets worse for extensions, which will use AJAX increasingly.

      The session_page data should only store actual pages being viewed, not AJAX requests.

        Activity

        Hide
        VSE Matt Friedman added a comment -

        IRC: [2014-09-07 14:26:50] <prototech> nickvergessen, https://github.com/phpbb/phpbb/pull/2930 not sure that I like this patch since it completely prevents the session from getting updated which makes Plupload useless for uploading really big files since the session will time out if you leave alone

        Show
        VSE Matt Friedman added a comment - IRC: [2014-09-07 14:26:50] <prototech> nickvergessen, https://github.com/phpbb/phpbb/pull/2930 not sure that I like this patch since it completely prevents the session from getting updated which makes Plupload useless for uploading really big files since the session will time out if you leave alone
        Hide
        nickvergessen Joas Schilling added a comment -

        We should try to find a way to update the sessions time without the page

        Show
        nickvergessen Joas Schilling added a comment - We should try to find a way to update the sessions time without the page
        Hide
        bantu Andreas Fischer added a comment -

        Yes please.

        Show
        bantu Andreas Fischer added a comment - Yes please.
        Hide
        Senky Senky added a comment -

        So what about it now? Create a new ticket?

        Show
        Senky Senky added a comment - So what about it now? Create a new ticket?
        Hide
        prototech prototech added a comment -

        Let's just reuse this ticket.

        Show
        prototech prototech added a comment - Let's just reuse this ticket.

          People

          • Assignee:
            nickvergessen Joas Schilling
            Reporter:
            VSE Matt Friedman
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development