Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.4

Request #18035 Bug with session_regenerate_id()
Submitted: 2010-11-09 06:11 UTC
From: mdpro Assigned:
Status: Open Package: Auth (version 1.6.4)
PHP Version: 5.2.5 OS:
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 49 - 18 = ?

 
 [2010-11-09 06:11 UTC] mdpro (Max Lysenko)
Description: ------------ Sorry about my English but u had strange problem. On my web-site i have different private-zones. On each zone i use different session name for auth (setSessionName). But, in IE and Opera, when i login to one private zone (for client), and then in different tab i login the second private zone (for admin panel) it dont login. I find the problem many hours :) and found it. When i comment up session_regenerate_id(true); on line 830 it works without bug! But its mirror for fixation atack. Real. I made this: if (!$this->regenerateSessionId and !$this- >_isAdvancedSecurityEnabled()) { session_regenerate_id(true); } If AdvadsedSecurity is off - it dont need to regenerate session id, because checking for user ip and agent is the best difference for fixation atack. Please think about my problem. I think i am no ONE who had it. And also. In IE and Opera not every time work fine cookiechallenge advansedsecurity. In my situation i switch it off. And now all work fine.

Comments