Outreach Project Tool / Bugs / #110 OPT_MAX 1.1: session reset if user does not logout

#110 OPT_MAX 1.1: session reset if user does not logout

Status: closed-fixed

Owner: nobody

Labels: Security (2)

Priority: 5

Updated: 2006-09-10

Created: 2003-10-08

Creator: Martin Vernooij

Private: No

Hi,

I noticed that when users close their browser, without
they have logged off from the system, they effectively
get locked out from the system. They cannot login anymore.

There are two work arounds for the short term I use.
Either reset the status field in the 'people' to 5
(couldn't figure out exact explanation of the status
codes, as a it seems to be used as a binary int) , but
this seems to work.

Other option ofcourse is to reset the user passwd with
the admin module.

I believe there should be a session timeout, and the
user should be reset automatically if a session is
expired. I'm not an experienced php programmer, so I'll
have to leave this to the experts.

Martin.

Discussion

Martin Vernooij - 2003-10-08

Logged In: YES
user_id=608879

Sorry, a screen refresh just bumped in on me here. Please
ignore this request.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Martin Vernooij - 2006-09-10

labels: --> Security

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Martin Vernooij - 2006-09-10

Logged In: YES
user_id=608879

This bug is no longer reproducable anymore in 1.2.7 Max.
1.2.7 has some enhancements for session and execution
abortion, so I believe this bug has been fixed.

Martin

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

OPT_MAX 1.1: session reset if user does not logout

Group

Searches

Help

#110 OPT_MAX 1.1: session reset if user does not logout

Discussion