View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0028974 | mantisbt | security | public | 2021-08-12 07:25 | 2023-02-15 03:51 |
Reporter | domosekai | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | acknowledged | Resolution | open | ||
Product Version | 2.25.2 | ||||
Summary | 0028974: Multiple issues in session validation function | ||||
Description | The session validation function is an important feature that tracks the IP address of the session. However the current implementation confuses me. Problem 1: Invalidated session is not logged out Problem 2: Redirect through meta refresh causes the browser to cache the page | ||||
Steps To Reproduce | Verified with this site as well.
| ||||
Additional Information | relevant code | ||||
Tags | No tags attached. | ||||
related to | 0013035 | acknowledged | Secure Session Support for Platforms masking client source address but injecting HTTP headers |