[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #3618] list_session function of class sessi
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [Bug #3618] list_session function of class sessions_ph4 intrudes on other installations |
Date: |
Fri, 16 May 2003 22:43:46 -0400 |
=================== BUG #3618: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3618&group_id=509
Changes by: Michael Totschnig <address@hidden>
Date: Sat 05/17/2003 at 02:43 (GMT)
------------------ Additional Follow-up Comments ----------------------------
If I am not mistaken, the code takes care of filtering out sessions of other
virtual domains of the same phpgroupware installation. What it does not handle
different phpgroupware installations, which all use only one, the default
domain.
=================== BUG #3618: FULL BUG SNAPSHOT ===================
Submitted by: totschnig Project: phpGroupWare
Submitted on: Thu 05/15/2003 at 02:16
Category: API - Admin Bug Group: 0.9.14.003 release
Severity: 9 - Critical Priority: None
Resolution: Works for me Assigned to: ralfbecker
Status: Open Component Version: None
Platform Version: None Reproducibility: None
Summary: list_session function of class sessions_ph4 intrudes on other
installations
Original Submission: if there are several installations of phpgroupware on one
system, and they use the same temp dir, and you view the active sessions, you
can see the sessions of all installations there are on your system. You can
even kill them!!!
Follow-up Comments
*******************
-------------------------------------------------------
Date: Sat 05/17/2003 at 02:43 By: totschnig
If I am not mistaken, the code takes care of filtering out sessions of other
virtual domains of the same phpgroupware installation. What it does not handle
different phpgroupware installations, which all use only one, the default
domain.
-------------------------------------------------------
Date: Fri 05/16/2003 at 21:03 By: ralfbecker
It works in my testinstall: I only see the sessions of the domain I'm logged
in.
If you look at the Line 1050 of class.session_php4.inc.php: if the domain in
the session-record does not match my own domain it does a continue to not list
that record. To track down the prob. with your intall u might want to enable
the debug-message on line 1055 extend with an additional output for
$this->account_domain (the domain your in atm).
Let me know what is shows.
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3618&group_id=509