Subject: The mailing list for listmasters using Sympa
[sympa-users] Review request: [patch] session is broken by multiple requests
- From: IKEDA Soji <address@concealed>
- To: address@concealed
- Subject: [sympa-users] Review request: [patch] session is broken by multiple requests
- Date: Mon, 23 Jul 2012 10:30:57 +0900
Hi folks,
The WWSympa session cookie is renewed on each request to prevent
session hijacking. However, with simultaneous requests (e.g.
embedded images on archive) or rapid successive requests (e.g.
multiple-clicking the link), the client cannot get the correct cookie.
As a result, the session is broken and the user is logged out.
This is reported in bugs #4405, #6180, #7079 & #8056.
I made a patch to solve this problem:
- Cookies are sent only when a transition between pages has certainly
occurred.
- Embedded images on archive won't renew the cookie.
- For those purposes, a new column "digest_session" of session_table
holds a signature of the page content that the user requested.
A patch against Sympa 6.1.13 is here:
https://sourcesup.renater.fr/tracker/download.php/23/167/6180/1114/sympa-6.1-r7508-duplicated_cookies.patch
Is this solution appropriate?
Thanks,
--
IKEDA Soji, Security & OSS Solution Group, Conversion, Co., Ltd.
Helios-Kannnai bldg. 7F, 3-21-2 Motohama-cho, Yokohama, Kanagawa 231-0004
e-mail address@concealed TEL 045-640-3550
http://www.conversion.co.jp/
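
The embedded-image case described in the message, as an added example that is not part of the original post or of Sympa's code: a toy session table in Python showing how renewing the cookie on every request logs the user out when several image requests leave with the same cookie, and how not renewing on embedded resources avoids it. The class and function names are hypothetical, the model assumes a stale cookie is answered with a fresh anonymous session, and it does not reproduce the patch's digest_session logic.

```python
import secrets


class SessionStore:
    """Toy server-side session table keyed by the current cookie value."""

    def __init__(self, renew_on_resources):
        self.renew_on_resources = renew_on_resources
        self.sessions = {}  # cookie value -> user (None means anonymous)

    def login(self, user):
        cookie = secrets.token_hex(8)
        self.sessions[cookie] = user
        return cookie

    def handle(self, cookie, is_resource):
        """Process one request; return (user, Set-Cookie value or None)."""
        if cookie in self.sessions and is_resource and not self.renew_on_resources:
            return self.sessions[cookie], None  # valid cookie stays as it is
        # Renew: a known cookie is invalidated at once and replaced. An unknown
        # (stale) cookie gets a fresh anonymous session (assumption of this model).
        user = self.sessions.pop(cookie, None)
        new_cookie = secrets.token_hex(8)
        self.sessions[new_cookie] = user
        return user, new_cookie


def load_archive_page(store, images=3):
    """Browser model: one page request, then `images` embedded-image requests
    that all leave before any response arrives, so they carry the same cookie."""
    jar = store.login("alice")
    _, set_cookie = store.handle(jar, is_resource=False)
    jar = set_cookie or jar
    in_flight = [jar] * images
    seen_as = []
    for sent in in_flight:  # server processes them one after another
        user, set_cookie = store.handle(sent, is_resource=True)
        seen_as.append(user)
        if set_cookie:
            jar = set_cookie  # last response wins in the cookie jar
    # Next click, using whatever cookie the browser ended up with.
    final_user, _ = store.handle(jar, is_resource=False)
    return seen_as, final_user


if __name__ == "__main__":
    print(load_archive_page(SessionStore(renew_on_resources=True)))
    print(load_archive_page(SessionStore(renew_on_resources=False)))
```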