Changeset 591 for trunk


Ignore:
Timestamp:
02/12/14 17:57:06 (11 years ago)
Author:
Kris Deugau
Message:

/trunk

  • Session-handling tweak; set cookies to expire so use of the Back button doesn't result in read-only access to everything.
  • Fiddle group handling in session data and on constructing URLs; side effects possibly related to the session issue caused a user in a subgroup to get mistakenly fed data for the root group - except for the group list in the menu. Arguably security fixes; see #30.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/dns.cgi

    r583 r591  
    219219my $sesscookie = $q->cookie( -name => 'dnsadmin_session',
    220220        -value => $sid,
    221 #        -expires => "+".$dnsdb->{timeout},
     221        -expires => "+".$dnsdb->{timeout},
    222222        -secure => 0,
    223223## fixme:  need to extract root path for cookie, so as to limit cookie to dnsadmin instance
     
    242242      $sesscookie = $q->cookie( -name => 'dnsadmin_session',
    243243        -value => $sid,
    244 #        -expires => "+".$dnsdb->{timeout},
     244        -expires => "+".$dnsdb->{timeout},
    245245        -secure => 0,
    246246## fixme:  need to extract root path for cookie, so as to limit cookie to dnsadmin instance
     
    254254      $session->param('uid',$userdata->{user_id});
    255255      $session->param('username',$webvar{username});
     256      $curgroup = $userdata->{group_id};
    256257
    257258# for reference.  seems we don't need to set these on login any more.
     
    18181819  $page->param(whereami => $uri_self);
    18191820# fill in general URL-to-self
    1820   $page->param(script_self => "$ENV{SCRIPT_NAME}?".($curgroup ? "curgroup=$curgroup" : ''));
     1821  $page->param(script_self => "$ENV{SCRIPT_NAME}?");
    18211822}
    18221823
Note: See TracChangeset for help on using the changeset viewer.