if ssid is empty on a session, a new session is generated.

Created on 24 April 2012, over 12 years ago
Updated 26 November 2024, 27 days ago

if ssid is empty on a session, a new session is generated.
Specifically - if you update a site with the patches for secure pages but use an existing session, your session is not upgraded to work and is instead replaced - for https.
if you switch back to http, the old session is used instead.

Suggestion : have a way to invalidate sessions where ssid is blank when securepages is enabled?

I'm a little unclear on what to do, other than it impacts http://drupal.org/node/1050746 (HTTPS sessions not working in all cases)
Perhaps I can instruct the customer to clear out sessions where ssid='' after they've updated.

πŸ› Bug report
Status

Closed: outdated

Version

1.0

Component

Code

Created by

πŸ‡¨πŸ‡¦Canada teunis

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡¦Ukraine AstonVictor

    I'm closing it because the issue was created a long time ago without any further steps.

    if you still need it then raise a new one.
    thanks

Production build 0.71.5 2024