  1. Blesta Core
  2. CORE-2783

User log in regenerates session on failure

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.1
    • Component/s: Plugins
    • Labels:
      None

      Description

      When attempting to log in to Blesta, the session is regenerated each time. However, it should only regenerate on a successful log in.

      This has the adverse effect of changing CSRF tokens (because they're based on the session), and so any AJAX requests to log in that do not reload the page are unable to make POST requests because the CSRF token is outdated. This occurs, for instance, on the AJAX/Wizard templates of the Order plugin.
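The failure mode described above, modeled as an added example (not part of the original issue and not Blesta's code). It assumes the CSRF token is an HMAC of the session ID; `Server`, `csrf_token`, `ajax_retry` and all sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = b"constructed-demo-key"    # constructed value for this demo
USERS = {"alice": "correct horse"}      # constructed credential store


def csrf_token(session_id):
    """Session-bound CSRF token: it changes whenever the session ID changes."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, regenerate_on_failure):
        self.regenerate_on_failure = regenerate_on_failure
        self.sessions = {}  # session_id -> session data

    def new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def _regenerate(self, sid):
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = self.sessions.pop(sid)  # old ID becomes invalid
        return new_sid

    def login(self, sid, token, user, password):
        """AJAX login: sid comes from the cookie, token from the POST body."""
        if sid not in self.sessions or not hmac.compare_digest(token, csrf_token(sid)):
            return 403, sid  # CSRF check failed
        expected = USERS.get(user, "").encode()
        if user in USERS and hmac.compare_digest(expected, password.encode()):
            sid = self._regenerate(sid)  # new ID on success (session fixation defence)
            self.sessions[sid]["user"] = user
            return 200, sid
        if self.regenerate_on_failure:
            sid = self._regenerate(sid)  # the behaviour this issue reports
        return 401, sid


def ajax_retry(server):
    """One page load, then two AJAX logins without a reload: typo, then correct."""
    sid = server.new_session()
    page_token = csrf_token(sid)  # rendered into the page once, never refreshed
    s1, sid = server.login(sid, page_token, "alice", "typo")  # cookie follows Set-Cookie
    s2, sid = server.login(sid, page_token, "alice", "correct horse")
    return s1, s2
```

With `regenerate_on_failure=True` the retry with the correct password is rejected by the CSRF check; with `False` the same retry succeeds.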


          People

          • Assignee: Tyson Phillips (Inactive)
          • Reporter: Tyson Phillips (Inactive)

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              13/Aug/18

              Time Tracking

              • Estimated: Not Specified
              • Remaining: 0m
              • Logged: 1h 56m
