We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Bug in Session destroy method introduced in EE 2.6

April 30, 2013 10:38pm

Subscribe [1]

  • #1 / Apr 30, 2013 10:38pm

    truffl

    4 posts

    The code below was introduced into the EE 2.6 Session class (line 459):

      if ($this->userdata[‘session_id’] == 0)
      {
    // just to be sure
    $this->fetch_guest_data();
    return;
    }

    When the session_id starts with a letter (mine did), it evaluates to 0 and passes the test. As a result the session is not destroyed. The solution is to change the test to === as shown below.

      if ($this->userdata[‘session_id’] === 0)
      {
    // just to be sure
    $this->fetch_guest_data();
    return;
    }

    Can someone confirm that my change is appropriate?

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register