Bug #2283: J1.6 : Session expired bug - CB - Joomlapolis forge

Custom queries

CB 1.2.2 new items
CB 1.2.3 closed issues
CB 1.3 closed tasks
CB 1.3.1 closed tasks
CB 1.4.0 closed tasks
CB 1.7 closed tasks
CB 1.7.1 closed tasks
CB 1.8.0 closed tasks
CB 1.8.1 closed tasks
CB 1.9 closed tasks
CB 1.9.1 closed tasks
CB 2.0 New features
CB 2.0 Resolved Bugs
CB 2.0.1 Resolved tasks
CB 2.0.10 Resolved tasks
CB 2.0.11 Resolved tasks
CB 2.0.12 Resolved tasks
CB 2.0.13 Resolved tasks
CB 2.0.14 Resolved tasks
CB 2.0.15 Resolved tasks
CB 2.0.2 Resolved tasks
CB 2.0.3 Resolved tasks
CB 2.0.4 Resolved tasks
CB 2.0.5 Resolved tasks
CB 2.0.6 Resolved tasks
CB 2.0.7 Resolved tasks
CB 2.0.8 Resolved tasks
CB 2.0.9 Resolved tasks
CB 2.1 Resolved tasks
CB 2.1.1 Resolved tasks
CB 2.1.2 Resolved tasks
CB 2.1.3 Resolved tasks
CB 2.1.4 Resolved tasks
CB 2.1.5 Resolved tasks
CB 2.1.6 Resolved tasks
CB 2.2 Resolved tasks
CB 2.2.1 Resolved tasks
CB 2.3 Resolved tasks
CB 2.4 Resolved tasks
CB 2.4.1 Resolved tasks
CB 2.4.2 Resolved tasks
CB 2.4.3 Resolved tasks
CB 2.4.4 Resolved tasks
CB 2.4.5 Resolved tasks
CB 2.4.6 Resolved tasks
CB 2.4.7 Resolved tasks
CB 2.5 Resolved tasks
CB 2.6 Resolved tasks
CB 2.6.1 Resolved tasks
CB 2.6.2 Resolved tasks
CB 2.6.3 Resolved tasks
CB 2.6.4 Resolved tasks
CB 2.7 Resolved tasks
CB 2.7.1 Resolved tasks
CB 2.7.2 Resolved tasks
CB 2.7.3 Resolved tasks
CB 2.7.3 Resolved tasks
CB 2.7.4 Resolved tasks
CB 2.8 Resolved tasks
CB 2.8.1 Resolved tasks
CB 2.8.2 Resolved tasks
CB 2.9.0 Resolved tasks
CB 2.9.1 Resolved tasks
CB 2.9.2 Resolved tasks
CB 2.9.3 Resolved tasks
CB 2.10.0 Resolved tasks
CB 2.11.0 Resolved tasks
CB 2.11.1 Tasks left
CB 3.0 Tasks left

Actions

Copy link

Bug #2283

closed

J1.6 : Session expired bug

Bug #2283: J1.6 : Session expired bug

Added by beat almost 15 years ago. Updated almost 15 years ago.

Status:

Closed

Priority:

Normal

Assignee:

beat

Target version:

CB 1.4.0

Start date:

03 February 2011

Due date:

% Done:

100%

Estimated time:

6:00 h

Description

As reported here:
http://www.joomlapolis.com/forum/153-professional-member-support/152956-cb-14-joscoreaclaro-not-there-names-gone

There seems to be a time/timezone session issue in Joomla 1.6.

If you comment to this thread with additional information, please make sure to include following infos for the session expired issue:

which time of day does that happen (in your local browser timezone) ?
what is your local browser timezone ? (UTC+?)
what is the timezone of your server location ? and its timezone setting ?
what is the offset and offset_user setting in configuration.php ?

Files

Download all files

2283.patch (948 Bytes) 2283.patch		krileon, 04 February 2011 22:07
2283a.patch (1014 Bytes) 2283a.patch		krileon, 11 February 2011 23:51
2283b.patch (613 Bytes) 2283b.patch		krileon, 11 February 2011 23:51
2283c.patch (2.17 KB) 2283c.patch		krileon, 11 February 2011 23:51
2283d.patch (1.16 KB) 2283d.patch		krileon, 11 February 2011 23:51
2283e.patch (1.4 KB) 2283e.patch		krileon, 11 February 2011 23:51

History
Notes
Property changes

Updated by krileon almost 15 years ago Actions
Copy link
#1

Assignee set to krileon

Related issue at following thread.

http://www.joomlapolis.com/forum/153-professional-member-support/152845-2283-joomla-16--cb-14-login-problem#152845

Definitely seams date/time related during session/cookie comparison.

Updated by krileon almost 15 years ago Actions
Copy link
#2

$_CB_framework->getCfg( 'offset' ) in Joomla 1.6 does not return the actual offset. This is throwing off all datetimes and times significantly. Within Joomla 1.5.x for example "-5" is returned, but in Joomla 1.6.x "UTC" is returned.

Updated by krileon almost 15 years ago Actions
Copy link
#3

File 2283.patch 2283.patch added
Assignee changed from krileon to beat
% Done changed from 0 to 50

Added new case (with fall through so doesn't affect other CMS) to translate timezone to offset. Don't know if this exactly will fix the session issue, but it should cause their datetimes to match up MUCH better then before.

Updated by beat almost 15 years ago Actions
Copy link
#4

Status changed from New to Assigned
Assignee changed from beat to krileon

r1422 implements first part of fix : timezone was returned as region instead of number on joomla 1.6:

as suggested with following differences:

Comment "NO break; on purpose for fall-through on other CMS:" is not correct, fall-through is not needed, as there is a break below anyway, it's better for phplint to avoid fallthroughs

not sure that all php versions do optimize /60/60 into /3600, so let's do the math ourselves.

added caching for the result in static var.

However, the session issue will still be there if timezone is set incorrectly, compared to server's timezone.

Kyle,
Please try doing following:

Edit plugin_foundation.php and return an offset of 25 !!!

Then see if session bug appears.

That will help find and fix that one.

Updated by krileon almost 15 years ago Actions
Copy link
#5

Assignee changed from krileon to beat

Was never able to duplicate even with a offset of 25. Perhaps is a linux based issue? Am operating on a windows server (localhost).

Updated by beat almost 15 years ago Actions
Copy link
#6

Assignee changed from beat to krileon

Updated by krileon almost 15 years ago Actions
Copy link
#7

Status changed from Assigned to Feedback
Assignee changed from krileon to beat

Could not confirm even on Linux based install. Can be tested http://cb14.tafix.com/ where I have completely remove the offset fix. Could not duplicate. After waiting designated times the session issue never happened. At time of expiration of session I was simply logged out, no error. Logging back in presented no error either.

Updated by krileon almost 15 years ago Actions
Copy link Download all files
#8

File 2283a.patch 2283a.patch added
File 2283b.patch 2283b.patch added
File 2283c.patch 2283c.patch added
File 2283d.patch 2283d.patch added
File 2283e.patch 2283e.patch added
Status changed from Feedback to Resolved
% Done changed from 50 to 100

Spoof checking not entirely compatible with all browsers, hosts, or installs. Too easy to conflict. Patchs will turn the spoof checking into a parameter allowing admin to determine its usage. Default is now also disabled for best compatibility and stability.

Updated by beat almost 15 years ago Actions
Copy link
#9

Status changed from Resolved to Closed

Implemented as suggested in r1441 : Setting to disable spoofing protection if needed by bad server config

But set default to 1 and not to 0, as otherwise existing installations might experiment much more spam.

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

CB

Custom queries

Bug #2283

J1.6 : Session expired bug

Updated by krileon almost 15 years ago Actions
Copy link
#1

Updated by krileon almost 15 years ago Actions
Copy link
#2

Updated by krileon almost 15 years ago Actions
Copy link
#3

Updated by beat almost 15 years ago Actions
Copy link
#4

Updated by krileon almost 15 years ago Actions
Copy link
#5

Updated by beat almost 15 years ago Actions
Copy link
#6

Updated by krileon almost 15 years ago Actions
Copy link
#7

Updated by krileon almost 15 years ago Actions
Copy link Download all files
#8

Updated by beat almost 15 years ago Actions
Copy link
#9

Project

General

Profile

CB

Custom queries

Bug #2283

J1.6 : Session expired bug

Updated by krileon almost 15 years ago ActionsCopy link #1

Updated by krileon almost 15 years ago ActionsCopy link #2

Updated by krileon almost 15 years ago ActionsCopy link #3

Updated by beat almost 15 years ago ActionsCopy link #4

Updated by krileon almost 15 years ago ActionsCopy link #5

Updated by beat almost 15 years ago ActionsCopy link #6

Updated by krileon almost 15 years ago ActionsCopy link #7

Updated by krileon almost 15 years ago ActionsCopy link Download all files #8

Updated by beat almost 15 years ago ActionsCopy link #9

Updated by krileon almost 15 years ago Actions
Copy link
#1

Updated by krileon almost 15 years ago Actions
Copy link
#2

Updated by krileon almost 15 years ago Actions
Copy link
#3

Updated by beat almost 15 years ago Actions
Copy link
#4

Updated by krileon almost 15 years ago Actions
Copy link
#5

Updated by beat almost 15 years ago Actions
Copy link
#6

Updated by krileon almost 15 years ago Actions
Copy link
#7

Updated by krileon almost 15 years ago Actions
Copy link Download all files
#8

Updated by beat almost 15 years ago Actions
Copy link
#9