Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-2783

User log in regenerates session on failure

        Details

        • Type: Bug
        • Status: Closed
        • Priority: Major
        • Resolution: Fixed
        • Affects Version/s: None
        • Fix Version/s: 4.3.1
        • Component/s: Plugins
        • Labels:
          None

          Description

          When attempting to log in to Blesta, the session is regenerated each time. However, it should only regenerate on a successful log in.

          This has the adverse effect of changing CSRF tokens (because they're based on the session), and so any AJAX requests to log in that do not reload the page are unable to make POST requests because the CSRF token is outdated. This occurs, for instance, on the AJAX/Wizard templates of the Order plugin.

            Activity

            There are no comments yet on this issue.

              People

              • Assignee:
                tyson Tyson Phillips (Inactive)
                Reporter:
                tyson Tyson Phillips (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Aug/18

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 56 minutes
                  1h 56m

                    Agile