MantisBT: master 6f369a5a
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master | 2021-02-13 12:33 | master c2ed5da6 |
Affected Issues | 0011296: Mantis BT is using fix cookies in the DB |
| 0027976: CVE-2009-20001: User cookie string is not reset upon logout |
Changeset | Reset user session cookie string upon logout |
| When a user logs out from Mantis, we clear their session cookie string |
| On login, after successfully authenticating the user, when setting |
| While not a complete fix for issue 0011296, this does improve the |
| Additionally, using an empty value to indicate an invalidated cookie |
| Note: an empty string in the session cookie always triggers an anonymous |
| Fixes 0027976 |
mod - core/authentication_api.php |