Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#2434 session logout clears wrong cookie?

1.260
closed
nobody
None
5
2006-03-06
2006-03-02
lbayuk
No

On logout from webmin, I get an unnamed cookie with a
value of 'x'. I think logout is trying to clear the
session ID cookie I got at login time, but gets the
cookie name wrong, so I end up with an unnamed cookie
in addition to the session ID cookie.

The problem might be in session_login.cgi at this line:
print "Set-Cookie: $config{'sidname'}=x; ...
Apparently, $config{'sidname'} is empty here, rather
than having the name of the SID cookie. I don't know why.

It would be better to actually delete the cookie at
logout (setting the value to empty should do that),
rather than set it to 'x', if in fact the intent is to
get the browser to forget the session ID.

Discussion

  • Jamie Cameron
    Jamie Cameron
    2006-03-06

    • status: open --> closed
     
  • Jamie Cameron
    Jamie Cameron
    2006-03-06

    Logged In: YES
    user_id=129364

    Thanks for pointing this out - the next release of Webmin
    will fix this bug.