Hello everyone, first post here.
Upon upgrading to 2.9, I am noticing that the session ID in the URL does not change after logging in and out. The session IDs are updated in the cookies and the database, but not in the URL.
I am using a custom authentication script utilizing a Codeigniter hook to redirect to my own login page, and programmatically logging users in by calling an instance of the Session class (implementation of Single Sign-On).
I am baffled where these old Session IDs popping up in the URLs are coming from. I’ve tried deleting the cookies, clearing the cache, and clearing the session table in the DB. The cookie for session ID maps to a session ID in the DB, but the URL is showing the same one everytime despite logging in/out.
Thanks in advance for any help!
EDIT :
I realized that what is displayed in the URL is actually the fingerprint field from the sessions table, generated using USER_AGENT and a salt. Needless to say, when I had Firebug open the USER_AGENT changed and so the URL kept switching between footprints whenever I clicked on any links in the control panel, creating two sessions in the DB. Deactivating Firebug did not cause that behavior and all CP functionality worked.
Very strange, but here are the two user agents:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0 FirePHP/0.7.4