Opened 13 years ago
Closed 13 years ago
#720 closed defect (fixed)
login.php creates a session even if the user is not logged in
| Reported by: | christoph | Owned by: | christoph |
|---|---|---|---|
| Priority: | major | Milestone: | 2.7.1 release |
| Component: | core | Version: | 2.6.2 |
| Keywords: | Cc: |
Description
This leads to obsolete and unused sessions.
Change History (5)
comment:1 by , 13 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 13 years ago
What I did was restructure globalSettings.php and system.php a bit. globalSettings starts the session, so when the session is not needed, system.php will suffice (it opens the db connection).
I checked the following scenarios, which are working (= only a single session is created for a user, no more abandoned sessions)
- User A logs in first, then user B in another tab.
- User A logs in first, then user B from another client.
TODO:
- There are still some AJAX calls, where the above with disabled cookies fails. These AJAX calls don't send the session id to the server.
- The logout method should delete all session information and expire the cookie. It seems like the cookie still lives on after logout.
comment:3 by , 13 years ago
added optional session name. This is useful if you are using multiple Mapbender installations
comment:5 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
trunk
changeset:7131