Wrong cookie domain when site runing on non default port

This is the place to discuss bugs that have been found in the most recent version of PivotX. Posting bugs will ensure that the Development Team is aware of them and that they will be addressed when resources are available.

Wrong cookie domain when site runing on non default port

Postby vvetma » Thu Mar 06, 2014 3:49 pm

Hello,
we are running internal blog site in non-default port (8082 to be exact) and I had issues with administration site. After successful login, each action afterwords resulted in redirection to login page.

PivotX version: 2.3.9
Database type: MySQL

By searching for cause of the problem, i discovered that during initialization of PHP session invalid COOKIE DOMAIN was set.
Source file: objects.php
PHP class: Session
Approximate line number: 2045

In the constructor of Session class, predefined PHP variable $_SERVER["HTTP_HOST"] is used to determine valid cookie domain.
That value also contains a port number appended to the host name. (example: pivotx.pinecone.int:8082).

As far as I know at least Google Chrome and Firefox will discard such a cookie witch results in inability to identify session in any future HTTP request.
As a result, PivotX thinks I'm not logged in ($_SESSION["user"] variable is empty).
vvetma
 
Posts: 1
Joined: Thu Mar 06, 2014 3:29 pm

Re: Wrong cookie domain when site runing on non default port

Postby hansfn » Thu Mar 06, 2014 5:55 pm

You are absolutely right. Thank you for the report. Fixed in revision 4355.
hansfn
Developer
 
Posts: 3280
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway


Return to 2.x Bugs

Who is online

Users browsing this forum: No registered users and 3 guests

cron