History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: ZF-4753
Type: Bug Bug
Status: Open Open
Priority: Major Major
Assignee: Ralph Schindler
Reporter: Kevin McArthur
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Google issue summary
Zend Framework

Zend_Session_Namespace::setExpirationSeconds does not expire data in files if session abandoned.

Created: 30/Oct/08 03:03 PM   Updated: 30/Oct/08 03:03 PM
Component/s: Zend_Session
Affects Version/s: 1.7 Preview Release
Fix Version/s: None

Time Tracking:
Not Specified

Tags:
Participants: Kevin McArthur and Ralph Schindler


 Description  « Hide
When using persistent cookies and multiple session namespaces, setExpirationSeconds does not expire data unless the session is resumed. Abandoned sessions will leave data in the sess_ files well beyond their expire time.

Requested fix is to modify the garbage collection handler to search through sessions and delete expired data.

  • This bug may result in a security vulnerability where session data may be stored on the server for longer than acceptable intervals.

 All   Comments   Work Log   Change History   FishEye   Crucible      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.

Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.2-#300) - Bug/feature request - Atlassian news - Contact Administrators