- Sep 13, 2013
-
-
Jared Hancock authored
if the domain given in HTTP_HOST variable happens to have a port specification. Technically, the port specification should not be included in the domain spec given in the cookie. (And for the record, that makes no sense to me, seeing as a cookie would otherwise be valid for all servers on any ports at a particular domain).
-
- Sep 06, 2013
-
-
Jared Hancock authored
Web browsers don't appreciate a cookie domain without any dots. This patch detects the originally-requested domain for the request. If the domain does not contain dots (such as 'localhost' or the name of a local server on your network defined in your hosts file), no cookie domain is sent. The greatest symptom of this issue was the illustrious 'Invalid CSRF token' seen repeatedly on the scp login page. The reason is that the browser was rejecting the cookie from the server. Fixes #677, #672, #653
-
- Aug 07, 2013
-
-
Jared Hancock authored
Which will help against clobbering session cookies against other PHP applications shared on a parent domain of the domain hosting osTicket or in a parent folder or virtual folder.
-
- Jul 12, 2013
-
-
Jared Hancock authored
Disable DB session storage. This chews up database space and processing time for a request that will never resume the same session (given the current API model anyway).
-
- May 28, 2013
-
-
Jared Hancock authored
  - timezone_offset was dropped from the config table at 1.7-dpr1
  - upgrader: only apply five patches in one request
  - upgrader: fix readPatchInfo to work correctly
  - session: support migrating from 1.6 (again)
  - config: support migrating from 1.6 (fallback)
  - config: no default for 'isonline' setting
  - config: fix SQL whitespace issue for schema signature fallbacks
  - config: hash 1.6 versions in the schema signature lookup
  - upgrader: fix logging bug in attachment migration
-
Jared Hancock authored
Allow (a subset of) the configuration to also be saved in the session to make session-backed data more consistent and compatible with up-and-coming multi-site setups.
-
- May 23, 2013
-
-
Jared Hancock authored
Drop required usage of MyISAM tables, and drop fulltext indexes as they are not used in the code currently anyway. Also, use a blob to store session data so as not to waste space with UTF-8 encoding. Lastly, fix session_id storage to use VARCHAR(255) which is required for versions of MySQL < 5.0.3, and use ascii for the storage model for the session_id as it will contain simple characters only.
-
- Feb 19, 2013
-
-
Peter Rotich authored
-
- Jun 28, 2012
-
-
Jared Hancock authored
Migrate the PHP session from disk to database live. To pull this off, the session contents are written to database under the current session id. When the `ostversion` column is dropped from the %config table, the system will automatically switch to database-backed sessions in osTicket 1.7 mode. This is sort-of hacked together by carefully calling an instance method of the osTicketSession class statically, and modifying the instance method to support static invocation.
-
- May 13, 2012
-
-
Peter Rotich authored
-
- Mar 19, 2012
-
-
Jared Hancock authored
-