View Issue Details

ID: 0000963
Project: Main CAcert Website
Category: source code
View Status: public
Last Update: 2013-01-15 18:33
Reporter: Uli60
Assigned To: NEOatNHNG
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 2011 Q3
Summary: 0000963: Logout Session not completely reset
Description:
problem occurs eg weak password, reset password, good password, logout,
login, reminder -> change your password

Steps To Reproduce:
1. state account: weak pwd
2. system message - change password
3. walk thru password change
   (is good and ok)
4. logout
5. login
6. system reminder -> change password as of weak password

Tags: No tags attached.
Reviewed by: Ted, NEOatNHNG
Test Instructions

Relationships

related to 0000637 (closed, NEOatNHNG): Password suggestion always the same
has duplicate 0000908 (closed, Uli60): Session unregister when logging out seems to contain bugs
related to 0000909 (closed, Uli60): too many error messages logged by php code

Activities

Uli60

2011-07-26 21:39

updater   ~0002201

Last edited: 2011-07-26 21:40

(23:35:10) NEOatNHNG: $test = array('bla'=>'blubb', 'foo'=>'bar');
(23:35:10) NEOatNHNG: foreach($test as $key){
(23:35:10) NEOatNHNG: echo $key, ':', $test[$key];
(23:35:10) NEOatNHNG: }

fix

(23:37:28) NEOatNHNG: <?php
(23:37:28) NEOatNHNG: $test = array('bla'=>'blubb', 'foo'=>'bar');
(23:37:28) NEOatNHNG: foreach($test as $key => $value){
(23:37:28) NEOatNHNG: echo $key, ':', $test[$key];

/includes/loggedin.php line 140
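
The loop pattern quoted in this note, applied to a session array, as an added example (not CAcert's code from /includes/loggedin.php). It assumes the password reminder is driven by a flag kept in the session; the keys `user_id`, `email`, `weak_password` and all function names are hypothetical.

```php
<?php
// Added illustration; session keys and function names are hypothetical.

// Pattern before the fix: foreach yields VALUES, which are then used as keys.
function clear_session_buggy(array $session): array
{
    foreach ($session as $key) {
        unset($session[$key]); // looks up the value as a key: usually a no-op
    }
    return $session;
}

// Pattern after the fix: iterate key => value and unset by key.
function clear_session_fixed(array $session): array
{
    foreach ($session as $key => $value) {
        unset($session[$key]);
    }
    return $session;
}

// Assumed check: the reminder is driven by a flag kept in the session.
function must_change_password(array $session): bool
{
    return !empty($session['weak_password']);
}

// Constructed sample: first user logged in with a weak password.
$first = array(
    'user_id'       => 4711,
    'email'         => 'first.user@example.test',
    'weak_password' => 'yes',
);

foreach (array('clear_session_buggy', 'clear_session_fixed') as $logout) {
    $session = $logout($first);   // first user logs out
    $session['user_id'] = 4712;   // second user logs in, same browser session
    $session['email']   = 'second.user@example.test';
    printf(
        "%s: leftover keys [%s], second user sent to password change: %s\n",
        $logout,
        implode(', ', array_keys($logout($first))),
        must_change_password($session) ? 'yes' : 'no'
    );
}
```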

alex

2011-07-26 21:40

reporter   ~0002202

Last edited: 2011-07-26 21:42

Regardless of which user subsequently logs in on the same browser, the password-set routine is *always* invoked.

After closing the browser and restarting it, the error is no longer present!

Ted

2011-07-26 22:17

administrator   ~0002203

Checked in fix to git branch bug-963

alex

2011-07-26 22:31

reporter   ~0002204

Error still present unchanged, although the bug status is set to "needs review & testing"

Uli60

2011-08-01 13:52

updater   ~0002234

create new account test.bug963@ (long pwd)
confirm account
logout
login to admin account
admin - find user - test.bug963@
set pwd: aaaa
logout
login test.bug963@
warning: plz change pwd
old (aaaa) and new pwd entered
Password Changed Successfully
Your Pass Phrase has been updated and your primary email account has been notified of the change.
logout
re-login test.bug963@ with new pwd
no error, no warning => ok

my details - change pwd
new passphrase -> aaaa
Error/Warning
Failure: Password not Changed
The Pass Phrase you submitted was too short. => ok

my details - change pwd
new passphrase -> FredS...
Error/Warning
Failure: Password not Changed
The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 2 points out of 6. => ok

logout, login
test.bug963@ and long pwd => ok, no error, no warning

seems to be ok
I cannot confirm https://bugs.cacert.org/view.php?id=963#c2204

alex

2011-08-02 20:45

reporter   ~0002248

Bug appears to be fixed now. Tested same as in https://bugs.cacert.org/view.php?id=963#c2204

Logged in with user with weak pwd who is sent to the pwd change form. Logged out without changing pwd, re-login with different user -> no password change request. Before bug fix the second user got the password change request at this point.

alex

2011-08-02 21:18

reporter   ~0002251

Second test as described in bug report (see again below) was also tested successfully:

Test flow:
1. state account: weak pwd
2. system message - change password
3. walk thru password change
   (is good and ok)
4. logout
5. login

=> 6. system reminder -> change password as of weak password <=

No system reminder or the like appeared => Tested successfully

NEOatNHNG

2011-08-02 21:30

administrator   ~0002254

Reviewed: good to go. Testers: please check that all places where one is logged out work properly

Uli60

2011-08-02 22:10

updater   ~0002257

review & deploy

NEOatNHNG

2011-08-02 23:58

administrator   ~0002275

Mail sent to critical admins

wytze

2011-08-03 10:19

developer   ~0002279

Patch applied to production system on August 3, 2011. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2011-08/msg00006.html

Werner Dworak

2012-12-21 05:20

updater   ~0003524

More than 3 months fixed and no complaints

Issue History

Date Modified Username Field Change
2011-07-26 21:25 Uli60 New Issue
2011-07-26 21:26 Uli60 Relationship added related to 0000637
2011-07-26 21:39 Uli60 Note Added: 0002201
2011-07-26 21:40 alex Note Added: 0002202
2011-07-26 21:40 Uli60 Note Edited: 0002201
2011-07-26 21:42 alex Note Edited: 0002202
2011-07-26 22:17 Ted Note Added: 0002203
2011-07-26 22:17 Ted Assigned To => Ted
2011-07-26 22:17 Ted Status new => needs review & testing
2011-07-26 22:25 Ted Source_changeset_attached => cacert-devel master a78613a5
2011-07-26 22:31 alex Note Added: 0002204
2011-08-01 13:52 Uli60 Note Added: 0002234
2011-08-02 20:45 alex Note Added: 0002248
2011-08-02 21:18 alex Note Added: 0002251
2011-08-02 21:30 NEOatNHNG Note Added: 0002254
2011-08-02 21:30 NEOatNHNG Status needs review & testing => needs testing
2011-08-02 22:10 Uli60 Note Added: 0002257
2011-08-02 22:10 Uli60 Assigned To Ted => NEOatNHNG
2011-08-02 22:10 Uli60 Status needs testing => needs review
2011-08-02 23:58 NEOatNHNG Note Added: 0002275
2011-08-02 23:58 NEOatNHNG Status needs review => ready to deploy
2011-08-02 23:59 NEOatNHNG Reviewed by => Ted, NEOatNHNG
2011-08-03 10:19 wytze Note Added: 0002279
2011-08-03 10:19 wytze Status ready to deploy => solved?
2011-08-03 10:19 wytze Resolution open => fixed
2011-08-05 14:38 Uli60 Relationship added related to 0000908
2011-08-15 10:32 Uli60 Relationship added related to 0000909
2011-11-23 09:20 Uli60 Relationship replaced has duplicate 0000908
2012-12-21 05:20 Werner Dworak Note Added: 0003524
2012-12-21 05:20 Werner Dworak Status solved? => closed
2013-01-15 17:37 Werner Dworak Product Version => 2011 Q3
2013-01-15 18:33 Werner Dworak Product Version 2011 Q3 =>
2013-01-15 18:33 Werner Dworak Fixed in Version => 2011 Q3