From: Daniel W. <d...@ni...> - 2007-11-02 09:41:08
|
>> I have a clue about this. I think a plugin or some kind of function >> tries to access a file or folder incorrectly. This is caught by the >> index.php which redirects the user to login.php. >> > > We've actually seen this before. It was triggered by incoming emails, > that had bad URLs for images. We'd build a <img src="" /> url, which > would trigger index.php to load, and... > > >> login.php kills the session! >> > > This was however fixed a few years ago. > > >> So the next action the user does is greeted with 'you must be logged in'. >> > > Is there any way for login.php to know when this happens? If a full fledged session is underway, perhaps it can intelligently load a 'Are you sure you wish to sign out?' page which, when confirmed, THEN kills the session and loads the standard login form? Then any inadvertent loading of login.php will not trigger session death. |