Skip to content
This repository has been archived by the owner on Feb 4, 2021. It is now read-only.

Disable anonymous sessions #251

Closed
stevenrombauts opened this issue Oct 27, 2015 · 0 comments
Closed

Disable anonymous sessions #251

stevenrombauts opened this issue Oct 27, 2015 · 0 comments
Labels
feature
Milestone
1.0.1

Comments

@stevenrombauts
Copy link
Member

Add a configuration option to autostart sessions by default or not. For the site, do not auto-start a session by default, for the admin do auto-start a session by default.
@stevenrombauts stevenrombauts self-assigned this Oct 27, 2015
@stevenrombauts stevenrombauts added this to the 1.1 milestone Oct 27, 2015
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
#251 - Don't perform a token check on logins, password reminder actions
74d6afb
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
#251 - Add session_autostart option
7b51eb7 
If auto_start is disabled a session will only start when a session cookie is found.
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
#251 - Return true in JSession::checkToken if session is not active
a07e0cc
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
#251 - Always autostart session in administrator
53ac37a
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
#251 - Prevent session fixation by fixing fork() method
3f24f5b 
Backport JSession::fork() from Joomla 1.5 to make sure the session
ID gets regenerated and the data is copied over into the new session
@stevenrombauts stevenrombauts mentioned this issue Oct 27, 2015
Merged
@johanjanssens johanjanssens modified the milestones: 1.0.1, 1.1 Oct 27, 2015
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
Revert "#251 - Don't perform a token check on logins, password remind…
4d5d5d9 
…er actions"

This reverts commit 74d6afb. The
JSession::checkToken() method will return true if the session is
not active.

Conflicts:
	app/administrator/components/com_users/controllers/session.php
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
#251 - Remove fork() call
0dc0064
stevenrombauts pushed a commit that referenced this issue Oct 27, 2015
Revert "#251 - Prevent session fixation by fixing fork() method"
0e0c8ee 
This reverts commit 3f24f5b.
@johanjanssens johanjanssens reopened this Oct 27, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
1.0.1
Development

No branches or pull requests
2 participants
@stevenrombauts @johanjanssens