#110 OPT_MAX 1.1: session reset if user does not logout

closed-fixed
nobody
Security (2)
5
2006-09-10
2003-10-08
No

Hi,

I noticed that when users close their browser, without
they have logged off from the system, they effectively
get locked out from the system. They cannot login anymore.

There are two work arounds for the short term I use.
Either reset the status field in the 'people' to 5
(couldn't figure out exact explanation of the status
codes, as a it seems to be used as a binary int) , but
this seems to work.

Other option ofcourse is to reset the user passwd with
the admin module.

I believe there should be a session timeout, and the
user should be reset automatically if a session is
expired. I'm not an experienced php programmer, so I'll
have to leave this to the experts.

Martin.

Discussion

  • Martin Vernooij

    Martin Vernooij - 2003-10-08

    Logged In: YES
    user_id=608879

    Sorry, a screen refresh just bumped in on me here. Please
    ignore this request.

     
  • Martin Vernooij

    Martin Vernooij - 2006-09-10
    • labels: --> Security
    • status: open --> closed-fixed
     
  • Martin Vernooij

    Martin Vernooij - 2006-09-10

    Logged In: YES
    user_id=608879

    This bug is no longer reproducable anymore in 1.2.7 Max.
    1.2.7 has some enhancements for session and execution
    abortion, so I believe this bug has been fixed.

    Martin

     

Log in to post a comment.