  1. Sep 13, 2013
    • Fixes cookie domain specification · eecd0b1a
      Jared Hancock authored
      if the domain given in HTTP_HOST variable happens to have a port
      specification. Technically, the port specification should not be included in
      the domain spec given in the cookie.
      
      (And for the record, that makes no sense to me, seeing as a cookie would
      otherwise be valid for all servers on any ports at a particular domain).
  2. Sep 06, 2013
    • Fix cookie domain for localhost · faeed43c
      Jared Hancock authored
      Web browsers don't appreciate a cookie domain without any dots. This patch
      detects the originally-requested domain for the request. If the domain does
      not contain dots (such as 'localhost' or the name of a local server on your
      network defined in your hosts file), no cookie domain is sent.
      
      The greatest symptom of this issue was the illustrious 'Invalid CSRF token'
      seen repeatedly on the scp login page. The reason is that the browser was
      rejecting the cookie from the server.
      
      Fixes #677, #672, #653
    • Fix cookie domain for localhost · 8e72e521
      Jared Hancock authored
      Web browsers don't appreciate a cookie domain without any dots. This patch
      detects the originally-requested domain for the request. If the domain does
      not contain dots (such as 'localhost' or the name of a local server on your
      network defined in your hosts file), no cookie domain is sent.
      
      The greatest symptom of this issue was the illustrious 'Invalid CSRF token'
      seen repeatedly on the scp login page. The reason is that the browser was
      rejecting the cookie from the server.
      
      Fixes #677, #672, #653
  3. Aug 07, 2013
    • Use a non-standard session cookie name · a39f0899
      Jared Hancock authored
      Which will help against clobbering session cookies against other PHP
      applications shared on a parent domain of the domain hosting osTicket or in
      a parent folder or virtual folder.
  4. Jul 12, 2013
    • Make API requests stateless · 908e0ad0
      Jared Hancock authored
      Disable DB session storage. This chews up database space and processing time
      for a request that will never resume the same session (given the current API
      model anyway).
  5. May 28, 2013
    • Various bug-fixes for the upgrader · 0e0f6dcb
      Jared Hancock authored
      - timezone_offset was dropped from the config table at 1.7-dpr1
      - upgrader: only apply five patches in one request
      - upgrader: fix readPatchInfo to work correctly
      - session: support migrating from 1.6 (again)
      - config: support migrating from 1.6 (fallback)
      - config: no default for 'isonline' setting
      - config: fix SQL whitespace issue for schema signature fallbacks
      - config: hash 1.6 versions in the schema signature lookup
      - upgrader: fix logging bug in attachment migration
    • Add persistence configuration · 517f86c4
      Jared Hancock authored
      Allow (a subset of) the configuration to also be saved in the session to
      make session-backed data more consistent and compatible with up-and-coming
      multi-site setups.
  6. May 23, 2013
    • Use database default storage engine · 55e1c8ec
      Jared Hancock authored
      Drop required usage of MyISAM tables, and drop fulltext indexes as they
      are not used in the code currently anyway. Also, use a blob to store
      session data so as not to waste space with UTF-8 encoding. Lastly, fix
      session_id storage to use VARCHAR(255) which is required for versions
      of MySQL < 5.0.3, and use ascii for the storage model for the
      session_id as it will contain simple characters only.
  7. Feb 19, 2013
  8. Jun 28, 2012
    • Live migrate the PHP session to database · b2b2ebba
      Jared Hancock authored
      Migrate the PHP session from disk to database live. To pull this off, the
      session contents are written to database under the current session id. When
      the `ostversion` column is dropped from the %config table, the system will
      automatically switch to database-backed sessions in osTicket 1.7 mode.
      
      This is sort-of hacked together by carefully calling an instance method of
      the osTicketSession class statically, and modifying the instance method to
      support static invocation.
  9. May 13, 2012
  10. Mar 19, 2012