  1. Mar 18, 2016
  2. Jul 21, 2015
  3. May 15, 2015
  4. May 13, 2015
  5. May 08, 2015
  6. Feb 06, 2015
  7. Jul 18, 2014
    • session: Override PHP default for session lifetime · 709c5975
      Jared Hancock authored
      The PHP.ini default is 1440 seconds (24 minutes). This should be configured
      to something significantly higher so that the settings in the admin panel
      concerning session timeouts are relevant.
      
      Ideally, the settings from the control panel would be used, but currently
      there is an inter-dependency between session and config startups.
  8. May 26, 2014
    • session: Properly track new sessions · 3828a649
      Jared Hancock authored
      ee91d179 introduced a slightly different
      tracking system for detecting sessions. Instead of completely disabling the
      session system for AJAX and cron requests, it detects if the session is new
      or not based on the session_id() and existing data in the session backend.
      
      However, the patch did not correctly determine if a session was new.
      Instead, it flagged all sessions as existing. This patch fixes the detection
      of existing session data so that AJAX and cron requests can operate without
      writing session data to the backend.
  9. Apr 25, 2014
    • Add some framework for external authentication · ee91d179
      Jared Hancock authored
      DISABLE_SESSION define is changed so that existing sessions are continued
      but new sessions are not saved. This allows external auth backends to
      redirect to an external site and that site redirect back to a `/api` URL and
      the user's session will be continued.
  10. Feb 18, 2014
  11. Feb 13, 2014
  12. Jan 15, 2014
  13. Sep 23, 2013
    • Fix 1.6-* upgrade to 1.7.1 · c3349266
      Jared Hancock authored
      8e72e521 (v1.7.1.2+) introduced a bug where
      osTicket version 1.6 would not send a cookie (by calling PHP
      session_start()) for the login page. Therefore, after unpacking the 1.7.1
      source code, an upgrade would not be possible, because a login would never
      be processed correctly.
  14. Sep 13, 2013
    • Fixes cookie domain specification · eecd0b1a
      Jared Hancock authored
      if the domain given in HTTP_HOST variable happens to have a port
      specification. Technically, the port specification should not be included in
      the domain spec given in the cookie.
      
      (And for the record, that makes no sense to me, seeing as a cookie would
      otherwise be valid for all servers on any ports at a particular domain).
  15. Sep 06, 2013
    • Fix cookie domain for localhost · faeed43c
      Jared Hancock authored
      Web browsers don't appreciate a cookie domain without any dots. This patch
      detects the originally-requested domain for the request. If the domain does
      not contain dots (such as 'localhost' or the name of a local server on your
      network defined in your hosts file), no cookie domain is sent.
      
      The greatest symptom of this issue was the illustrious 'Invalid CSRF token'
      seen repeatedly on the scp login page. The reason is that the browser was
      rejecting the cookie from the server.
      
      Fixes #677, #672, #653
    • Fix cookie domain for localhost · 8e72e521
      Jared Hancock authored
      Web browsers don't appreciate a cookie domain without any dots. This patch
      detects the originally-requested domain for the request. If the domain does
      not contain dots (such as 'localhost' or the name of a local server on your
      network defined in your hosts file), no cookie domain is sent.
      
      The greatest symptom of this issue was the illustrious 'Invalid CSRF token'
      seen repeatedly on the scp login page. The reason is that the browser was
      rejecting the cookie from the server.
      
      Fixes #677, #672, #653
  16. Aug 07, 2013
    • Use a non-standard session cookie name · a39f0899
      Jared Hancock authored
      Which will help against clobbering session cookies against other PHP
      applications shared on a parent domain of the domain hosting osTicket or in
      a parent folder or virtual folder.
  17. Jul 12, 2013
    • Make API requests stateless · 908e0ad0
      Jared Hancock authored
      Disable DB session storage. This chews up database space and processing time
      for a request that will never resume the same session (given the current API
      model anyway).
  18. May 28, 2013
    • Various bug-fixes for the upgrader · 0e0f6dcb
      Jared Hancock authored
      - timezone_offset was dropped from the config table at 1.7-dpr1
      - upgrader: only apply five patches in one request
      - upgrader: fix readPatchInfo to work correctly
      - session: support migrating from 1.6 (again)
      - config: support migrating from 1.6 (fallback)
      - config: no default for 'isonline' setting
      - config: fix SQL whitespace issue for schema signature fallbacks
      - config: hash 1.6 versions in the schema signature lookup
      - upgrader: fix logging bug in attachment migration
    • Add persistence configuration · 517f86c4
      Jared Hancock authored
      Allow (a subset of) the configuration to also be saved in the session to
      make session-backed data more consistent and compatible with up-and-coming
      multi-site setups.
  19. May 23, 2013
    • Use database default storage engine · 55e1c8ec
      Jared Hancock authored
      Drop required usage of MyISAM tables, and drop fulltext indexes as they
      are not used in the code currently anyway. Also, use a blob to store
      session data so as not to waste space with UTF-8 encoding. Lastly, fix
      session_id storage to use VARCHAR(255) which is required for versions
      of MySQL < 5.0.3, and use ascii for the storage model for the
      session_id as it will contain simple characters only.
  20. Feb 19, 2013
  21. Jun 28, 2012
    • Live migrate the PHP session to database · b2b2ebba
      Jared Hancock authored
      Migrate the PHP session from disk to database live. To pull this off, the
      session contents are written to database under the current session id. When
      the `ostversion` column is dropped from the %config table, the system will
      automatically switch to database-backed sessions in osTicket 1.7 mode.
      
      This is sort-of hacked together by carefully calling an instance method of
      the osTicketSession class statically, and modifying the instance method to
      support static invocation.
  22. May 13, 2012
  23. Mar 19, 2012