Bug #2283
closed
J1.6 : Session expired bug
Description
As reported here:
http://www.joomlapolis.com/forum/153-professional-member-support/152956-cb-14-joscoreaclaro-not-there-names-gone
There seems to be a time/timezone session issue in Joomla 1.6.
If you comment to this thread with additional information, please make sure to include following infos for the session expired issue:
- which time of day does that happen (in your local browser timezone) ?
- what is your local browser timezone ? (UTC+?)
- what is the timezone of your server location ? and its timezone setting ?
- what is the offset and offset_user setting in configuration.php ?
Files
Updated by krileon about 13 years ago
- Assignee set to krileon
Related issue at following thread.
Definitely seams date/time related during session/cookie comparison.
Updated by krileon about 13 years ago
$_CB_framework->getCfg( 'offset' ) in Joomla 1.6 does not return the actual offset. This is throwing off all datetimes and times significantly. Within Joomla 1.5.x for example "-5" is returned, but in Joomla 1.6.x "UTC" is returned.
Updated by krileon about 13 years ago
- File 2283.patch 2283.patch added
- Assignee changed from krileon to beat
- % Done changed from 0 to 50
Added new case (with fall through so doesn't affect other CMS) to translate timezone to offset. Don't know if this exactly will fix the session issue, but it should cause their datetimes to match up MUCH better then before.
Updated by beat about 13 years ago
- Status changed from New to Assigned
- Assignee changed from beat to krileon
r1422 implements first part of fix : timezone was returned as region instead of number on joomla 1.6:
as suggested with following differences:
- Comment "NO break; on purpose for fall-through on other CMS:" is not correct, fall-through is not needed, as there is a break below anyway, it's better for phplint to avoid fallthroughs
- not sure that all php versions do optimize /60/60 into /3600, so let's do the math ourselves.
- added caching for the result in static var.
However, the session issue will still be there if timezone is set incorrectly, compared to server's timezone.
Kyle,
Please try doing following:
Edit plugin_foundation.php and return an offset of 25 !!!
Then see if session bug appears.
That will help find and fix that one.
Updated by krileon about 13 years ago
- Assignee changed from krileon to beat
Was never able to duplicate even with a offset of 25. Perhaps is a linux based issue? Am operating on a windows server (localhost).
Updated by krileon about 13 years ago
- Status changed from Assigned to Feedback
- Assignee changed from krileon to beat
Could not confirm even on Linux based install. Can be tested http://cb14.tafix.com/ where I have completely remove the offset fix. Could not duplicate. After waiting designated times the session issue never happened. At time of expiration of session I was simply logged out, no error. Logging back in presented no error either.
Updated by krileon about 13 years ago
- File 2283a.patch 2283a.patch added
- File 2283b.patch 2283b.patch added
- File 2283c.patch 2283c.patch added
- File 2283d.patch 2283d.patch added
- File 2283e.patch 2283e.patch added
- Status changed from Feedback to Resolved
- % Done changed from 50 to 100
Spoof checking not entirely compatible with all browsers, hosts, or installs. Too easy to conflict. Patchs will turn the spoof checking into a parameter allowing admin to determine its usage. Default is now also disabled for best compatibility and stability.
Updated by beat about 13 years ago
- Status changed from Resolved to Closed
Implemented as suggested in r1441 : Setting to disable spoofing protection if needed by bad server config
But set default to 1 and not to 0, as otherwise existing installations might experiment much more spam.