- π¨π¦Canada gapple
Closing out 7.x issues.
This issue is not known to be present in 8.x releases.
Moshe reports a lot of "Stolen Persistent Login session for user ..." watchdog messages at groups.d.o.
This error only occurs when PL sees a browser delivering a cookie it should not have. Generally this means an attack occurred. But if I suppose that the attack is less likely than a bug or other unexpected situation, I should look for an alternative explanation. I can think of one:
Suppose a user's browser is configured to prompt for cookies instead of just accepting them. When they log in with user/pass, they explicitly accept the TWO cookies (session and PL) they are given. When they later return and use the PL cookie, it will work, and PL will issue a *new* PL cookie, and *maybe the user chooses not to accept this one*, thus keeping the old one. Then, the *next* time the user tries to use the PL cookie, the error will be generated.
I asked the one user with an entry for this in the g.d.o logs about their situation.
Closed: outdated
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Closing out 7.x issues.
This issue is not known to be present in 8.x releases.