  1. Apr 25, 2014
      Add some framework for external authentication · ee91d179
      Jared Hancock authored
      DISABLE_SESSION define is changed so that existing sessions are continued
      but new sessions are not saved. This allows external auth backends to
      redirect to an external site and that site redirect back to a `/api` URL and
      the user's session will be continued.
      ee91d179
  2. Feb 18, 2014
  3. Feb 13, 2014
  4. Jan 15, 2014
  5. Sep 23, 2013
      Fix 1.6-* upgrade to 1.7.1 · c3349266
      Jared Hancock authored
      8e72e521 (v1.7.1.2+) introduced a bug where
      osTicket version 1.6 would not send a cookie (by calling PHP
      session_start()) for the login page. Therefore, after unpacking the 1.7.1
      source code, an upgrade would not be possible, because a login would never
      be processed correctly.
      c3349266
  6. Sep 13, 2013
      Fixes cookie domain specification · eecd0b1a
      Jared Hancock authored
      if the domain given in HTTP_HOST variable happens to have a port
      specification. Technically, the port specification should not be included in
      the domain spec given in the cookie.
      
      (And for the record, that makes no sense to me, seeing as a cookie would
      otherwise be valid for all servers on any ports at a particular domain).
      eecd0b1a
  7. Sep 06, 2013
      Fix cookie domain for localhost · faeed43c
      Jared Hancock authored
      Web browsers don't appreciate a cookie domain without any dots. This patch
      detects the originally-requested domain for the request. If the domain does
      not contain dots (such as 'localhost' or the name of a local server on your
      network defined in your hosts file), no cookie domain is sent.
      
      The greatest symptom of this issue was the illustrious 'Invalid CSRF token'
      seen repeatedly on the scp login page. The reason is that the browser was
      rejecting the cookie from the server.
      
      Fixes #677, #672, #653
      faeed43c
      Fix cookie domain for localhost · 8e72e521
      Jared Hancock authored
      Web browsers don't appreciate a cookie domain without any dots. This patch
      detects the originally-requested domain for the request. If the domain does
      not contain dots (such as 'localhost' or the name of a local server on your
      network defined in your hosts file), no cookie domain is sent.
      
      The greatest symptom of this issue was the illustrious 'Invalid CSRF token'
      seen repeatedly on the scp login page. The reason is that the browser was
      rejecting the cookie from the server.
      
      Fixes #677, #672, #653
      8e72e521
  8. Aug 07, 2013
      Use a non-standard session cookie name · a39f0899
      Jared Hancock authored
      Which will help against clobbering session cookies against other PHP
      applications shared on a parent domain of the domain hosting osTicket or in
      a parent folder or virtual folder.
      a39f0899
  9. Jul 12, 2013
      Make API requests stateless · 908e0ad0
      Jared Hancock authored
      Disable DB session storage. This chews up database space and processing time
      for a request that will never resume the same session (given the current API
      model anyway).
      908e0ad0
  10. May 28, 2013
      Various bug-fixes for the upgrader · 0e0f6dcb
      Jared Hancock authored
      - timezone_offset was dropped from the config table at 1.7-dpr1
      - upgrader: only apply five patches in one request
      - upgrader: fix readPatchInfo to work correctly
      - session: support migrating from 1.6 (again)
      - config: support migrating from 1.6 (fallback)
      - config: no default for 'isonline' setting
      - config: fix SQL whitespace issue for schema signature fallbacks
      - config: hash 1.6 versions in the schema signature lookup
      - upgrader: fix logging bug in attachment migration
      0e0f6dcb
      Add persistence configuration · 517f86c4
      Jared Hancock authored
      Allow (a subset of) the configuration to also be saved in the session to
      make session-backed data more consistent and compatible with up-and-coming
      multi-site setups.
      517f86c4
  11. May 23, 2013
      Use database default storage engine · 55e1c8ec
      Jared Hancock authored
      Drop required usage of MyISAM tables, and drop fulltext indexes as they
      are not used in the code currently anyway. Also, use a blob to store
      session data so as not to waste space with UTF-8 encoding. Lastly, fix
      session_id storage to use VARCHAR(255) which is required for versions
      of MySQL < 5.0.3, and use ascii for the storage model for the
      session_id as it will contain simple characters only.
      55e1c8ec
  12. Feb 19, 2013
  13. Jun 28, 2012
      Live migrate the PHP session to database · b2b2ebba
      Jared Hancock authored
      Migrate the PHP session from disk to database live. To pull this off, the
      session contents are written to database under the current session id. When
      the `ostversion` column is dropped from the %config table, the system will
      automatically switch to database-backed sessions in osTicket 1.7 mode.
      
      This is sort-of hacked together by carefully calling an instance method of
      the osTicketSession class statically, and modifying the instance method to
      support static invocation.
      b2b2ebba
  14. May 13, 2012
  15. Mar 19, 2012