From: <nuc...@us...> - 2008-07-30 12:00:19
|
Revision: 5458 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5458&view=rev Author: nuclear_eclipse Date: 2008-07-30 12:00:15 +0000 (Wed, 30 Jul 2008) Log Message: ----------- Fix #9323: PHP sessions prevented browser caching. Modified Paths: -------------- trunk/mantisbt/core/session_api.php Modified: trunk/mantisbt/core/session_api.php =================================================================== --- trunk/mantisbt/core/session_api.php 2008-07-30 11:59:11 UTC (rev 5457) +++ trunk/mantisbt/core/session_api.php 2008-07-30 12:00:15 UTC (rev 5458) @@ -55,6 +55,7 @@ session_save_path( $t_session_save_path ); } + session_cache_limiter( 'private_no_expire' ); session_start(); $this->id = session_id(); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pri...@us...> - 2008-08-13 09:22:49
|
Revision: 5509 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5509&view=rev Author: prichards Date: 2008-08-13 09:22:43 +0000 (Wed, 13 Aug 2008) Log Message: ----------- 0009524: Mantis should use secure sessions on https connections Modified Paths: -------------- trunk/mantisbt/core/session_api.php Modified: trunk/mantisbt/core/session_api.php =================================================================== --- trunk/mantisbt/core/session_api.php 2008-08-12 17:42:07 UTC (rev 5508) +++ trunk/mantisbt/core/session_api.php 2008-08-13 09:22:43 UTC (rev 5509) @@ -56,6 +56,9 @@ } session_cache_limiter( 'private_no_expire' ); + if ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) { + session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true, true ); + } session_start(); $this->id = session_id(); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <nuc...@us...> - 2008-08-21 11:19:20
|
Revision: 5517 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5517&view=rev Author: nuclear_eclipse Date: 2008-08-21 11:19:17 +0000 (Thu, 21 Aug 2008) Log Message: ----------- Fix #9559: Wrong conditional check in session_save_path Modified Paths: -------------- trunk/mantisbt/core/session_api.php Modified: trunk/mantisbt/core/session_api.php =================================================================== --- trunk/mantisbt/core/session_api.php 2008-08-21 11:18:57 UTC (rev 5516) +++ trunk/mantisbt/core/session_api.php 2008-08-21 11:19:17 UTC (rev 5517) @@ -51,7 +51,7 @@ class MantisPHPSession extends MantisSession { function __construct() { $t_session_save_path = config_get_global( 'session_save_path' ); - if ( ! $t_session_save_path ) { + if ( $t_session_save_path ) { session_save_path( $t_session_save_path ); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <nuc...@us...> - 2008-10-14 17:02:55
|
Revision: 5669 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5669&view=rev Author: nuclear_eclipse Date: 2008-10-14 17:02:51 +0000 (Tue, 14 Oct 2008) Log Message: ----------- Fix #9690: httponly flag for session_set_cookie_params() is only in PHP 5.2+ Modified Paths: -------------- trunk/mantisbt/core/session_api.php Modified: trunk/mantisbt/core/session_api.php =================================================================== --- trunk/mantisbt/core/session_api.php 2008-10-14 15:52:30 UTC (rev 5668) +++ trunk/mantisbt/core/session_api.php 2008-10-14 17:02:51 UTC (rev 5669) @@ -58,12 +58,11 @@ } session_cache_limiter( 'private_no_expire' ); - if( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) { - session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true, true ); + if ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) { + session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true ); + } else { + session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), false ); } - else { - session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), false, true ); - } session_start(); $this->id = session_id(); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |