Closed
Bug 278931
Opened 20 years ago
Closed 20 years ago
URL includes Session ID
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
1.1
People
(Reporter: Bugzilla-alanjstrBugs, Assigned: Bugzilla-alanjstrBugs)
Attachments
(1 file)
845 bytes, patch
Bugzilla-alanjstrBugs: first-review+
I have no idea why, but it looks like we're potentially exposing the session id. That doesn't mean we're using it. Although after logging in, and changing the url manually to /developers/index.php, it redirects me to /developers/main.php?sid=. So $sid isn't exposed in this situation. But that doesn't mean I trust it to be safe in all situations. Better to just remove it from the URL.
Comment 1•20 years ago
Usually, this is controlled by a php.ini setting server-side.. I doubt there's actually a variable to print it. :-) Not that anybody ever checked out a bug before filing it on this project. *ever*
http://martin.f2o.org/php/session
Whiteboard: landme
Group: update-security
Attachment #172030 - Flags: first-review?(Bugzilla-alanjstrBugs)
Attachment #172030 - Flags: first-review?(Bugzilla-alanjstrBugs) → first-review+
landed on trunk & branch
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Updated•9 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
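Added example, not part of the bug thread or the project's patch: a Python check for the two php.ini session directives that govern session IDs in URLs, plus a scan for session-like query parameters such as the `sid=` in the redirect described above. The parameter names and the sample ini text are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Query parameter names treated as session identifiers (assumption: "sid" is the
# name seen in the bug's redirect; PHPSESSID is PHP's default session.name).
SESSION_PARAMS = {"sid", "phpsessid"}

# php.ini values that keep session IDs out of URLs.
SAFE = {"session.use_trans_sid": "0", "session.use_only_cookies": "1"}
TRUTHY = {"1", "on", "yes", "true"}


def parse_ini(text):
    """Return {directive: value} from php.ini text, ignoring comments and sections."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings


def audit_php_ini(text):
    """List directives whose configured value allows session IDs in URLs."""
    settings = parse_ini(text)
    findings = []
    for key, want in SAFE.items():
        if key not in settings:
            continue  # unset: the default depends on the PHP version
        have = "1" if settings[key] in TRUTHY else "0"
        if have != want:
            findings.append(key)
    return findings


def session_params_in_url(url):
    """Return session-like query parameter names in a URL, even with empty values."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [name for name, _ in pairs if name.lower() in SESSION_PARAMS]


# Constructed sample input, not taken from the addons.mozilla.org server.
WEAK_INI = "[Session]\nsession.use_trans_sid = 1 ; rewrite links\nsession.use_only_cookies = Off\n"
HARDENED_INI = "[Session]\nsession.use_trans_sid = 0\nsession.use_only_cookies = 1\n"

if __name__ == "__main__":
    print(audit_php_ini(WEAK_INI), audit_php_ini(HARDENED_INI))
    print(session_params_in_url("/developers/main.php?sid="))
```

A directive missing from the file is skipped rather than flagged, because its effective value has to be read from the running PHP version.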