Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop killing user session in API requests #791

Closed
rjmackay opened this issue Aug 13, 2012 · 0 comments
Closed

Stop killing user session in API requests #791

rjmackay opened this issue Aug 13, 2012 · 0 comments
Labels
Bug
Milestone
Ushahidi v2.7

Comments

@rjmackay
Copy link
Contributor

Quick fix in #652 kills $_SESSION on each api request.. so if someone hits the API on the frontend it will log users out.
Rework this to just handle API auth separately and statelessly, rather than killing existing sessions.
@eyedol eyedol mentioned this issue Feb 2, 2013
Closed
rjmackay added a commit to rjmackay/Ushahidi_Web that referenced this issue Apr 2, 2013
@rjmackay
Only reset session for non-ajax API requests ushahidi#791
43bfb9d 
* Avoids log out issues when grabbing things via ajax (ie. checkins)
* But prevents CSRF by resetting the session.
* Stil vulnerable with XSS but they could grab the CSRF token anyway.
@rjmackay rjmackay closed this as completed Apr 2, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
Ushahidi v2.7
Development

No branches or pull requests
1 participant
@rjmackay