Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#6430] - Fix: Empty Sessions / Logged-in in other accounts Ref #5214

? Success
Pull Request for # 5214

User tests: Successful: Unsuccessful:

avatar enesbil
enesbil
14 Mar 2015

See: http://issues.joomla.org/tracker/joomla-cms/5214

Original report

My community has over 300.000 registered Members and est. 200.000 users daily. When entering joomla, a lot of users get empty sessions. That means, the Session-ID is just "".
If one of these users log in with the empty session, some of the others are also logged in with the same account. They can edit the profile, read/write personal messages etc. That's a huge problem, because no one wants others to enter the profile.

Steps to reproduce the issue

Delete all the cookies, and enter Joomla website.

Expected result

User gets an unique Session-ID.

Actual result

You are logged in as another user and/or share the empty Session-ID with other people. This happens with low likelihood. But if you have lots of users, it happens a lot.

System information (as much as possible)

Joomla: Joomla! 2.5.27 Stable [ Ember ] 30-September-2014 14:00 GMT
Webserver: nginx/1.2.1
Database-version: 5.5.40-0+wheezy1-log
PHP: fpm-fcgi

Additional comments

You can also reproduce this issue, if you change your session-id cookie within browser developer tools.

avatar enesbil enesbil - open - 14 Mar 2015
avatar joomla-cms-bot joomla-cms-bot - change - 14 Mar 2015
Labels Added: ?
avatar zero-24 zero-24 - reference | - 14 Mar 15
avatar zero-24 zero-24 - change - 14 Mar 2015
Category Libraries
avatar zero-24 zero-24 - change - 14 Mar 2015
Rel_Number 5214
Relation Type Pull Request for
avatar zero-24
zero-24 - comment - 14 Mar 2015

Thanks @enesbil i have just send a PR to fix CS issues to make travis happy with us :smile: https://github.com/enesbil/joomla-cms/pull/1/files

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6430.
avatar creativeprogramming
creativeprogramming - comment - 15 Mar 2015

thanks @enesbil hope this will get merged

avatar zero-24
zero-24 - comment - 15 Mar 2015

@creativeprogramming are you able to test it? As you report the same issue. Thanks

avatar enesbil enesbil - reference | - 15 Mar 15
avatar creativeprogramming
creativeprogramming - comment - 12 Apr 2015

I started the test for this patch today (sorry for delay but it's a production environment)

I'll let you know if problem disappears with this patch

avatar brianteeman
brianteeman - comment - 12 Nov 2015

@creativeprogramming were you able to test this?

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6430.

avatar brianteeman brianteeman - close - 15 Apr 2016
avatar brianteeman brianteeman - close - 15 Apr 2016
avatar brianteeman brianteeman - change - 15 Apr 2016
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2016-04-15 13:28:51
Closed_By brianteeman
avatar brianteeman
brianteeman - comment - 15 Apr 2016

Thanks to @euismod2336 for pointing out that this is for Joomla 2.5 which is now end of life and unsupported so I am closing this.

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6430.

Add a Comment

Login with GitHub to post a comment