[Bb-trac] [bbPress] #1117: bb-settings.php does not preserve
$bb->sitecookiepath
bbPress
bb-trac at lists.bbpress.org
Sun Jun 14 17:42:12 GMT 2009
#1117: bb-settings.php does not preserve $bb->sitecookiepath
-------------------------+--------------------------------------------------
Reporter: junsuijin | Owner: junsuijin
Type: defect | Status: new
Priority: high | Milestone: 1.0
Component: integration | Version: 1.0-rc-2 (trunk)
Severity: major | Keywords: has-patch
-------------------------+--------------------------------------------------
The problem here is that when the sitecookiepath and cookiepath are the
same, there should not be 2 logged_in cookies set (looking at the code in
bb-settings.php this seems the intention). However, $bb->sitecookiepath
always gets the trailing / removed from it before setting the cookie, so
this in practice does not happen, and causes WordPress integration to
somewhat fail (unable to log in from bbPress and then out from WordPress
in a situation where these two cookies should both be the same). In effect
this means users logging in from bbP may think they've logged out if they
do so from WP, because they are redirected to the logout page, and in some
cases even logged out from WP, but never from bbP as well, thus posing a
security risk for public kiosks.
--
Ticket URL: <http://trac.bbpress.org/ticket/1117>
bbPress <http://bbpress.org/>
Innovative forum development
More information about the Bb-trac
mailing list