Comments (8)
Yeah, looks like CodeIgniter had a colossal flaw in their session security, so they patched it in 2.2.0, but it's killed something in how A3M is doing sessions.
This is what's generated in the log file:
ERROR - 2014-07-11 07:05:55 --> Session: HMAC mismatch. The session cookie data did not match what was expected.
And for some odd reason every time I attempt a login it creates 4 sessions in the database. Only one of which contains the user id data.
from a3m.
I see two changelog items related to sessions:
Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum.
Fixed a bug in the Session Library where authentication was not performed for encrypted cookies.
I think the issue we have is with the first one.
from a3m.
That makes sense.
Looks like the second one is what started the discussion about CodeIgniter's session security, so they changed the encryption while they were in there.
from a3m.
I think I have the fix. Will push in a moment.
from a3m.
Can you test it to make sure I got it?
from a3m.
Worked like a charm.
Thank you.
from a3m.
Great! I still have one more bug that I discovered while working on v2 to fix and then I'll release the new version.
from a3m.
Cheers ;) Thanks.
I made a workaround in the development environment by adding the Session.php file from 2.1.4, since the only change was the HMAC authentication, like AdwinTrave said. With this fix I can get the Session.php from 2.2.0.
from a3m.
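An added illustration (not CodeIgniter's or A3M's code) of the changelog item quoted in the thread: a verifier that expects an HMAC tag rejects a cookie that was signed with the older MD5 checksum, which is one way an "HMAC mismatch" log line can arise. The HMAC-SHA1 tag layout, the key, the payload and all function names are assumptions constructed for this example.

```php
<?php
// Added example; requires PHP 7.1+. Key and payload are constructed sample values.
const KEY = 'constructed-demo-encryption-key';

// Old style (assumed layout): payload followed by md5(payload . key), 32 hex chars.
function sign_md5(string $payload, string $key): string {
    return $payload . md5($payload . $key);
}

// New style (assumed HMAC-SHA1): payload followed by a 40-hex-char keyed tag.
function sign_hmac(string $payload, string $key): string {
    return $payload . hash_hmac('sha1', $payload, $key);
}

// Verifier for the new layout. Returns the payload, or null on mismatch.
function verify_hmac(string $cookie, string $key): ?string {
    $len = strlen($cookie) - 40;
    if ($len <= 0) {
        return null; // too short to carry a tag
    }
    $payload = substr($cookie, 0, $len);
    $tag     = substr($cookie, $len);
    // hash_equals() compares in constant time, so the check does not
    // leak how many leading characters of the tag were correct.
    if (!hash_equals(hash_hmac('sha1', $payload, $key), $tag)) {
        return null;
    }
    return $payload;
}

$payload = serialize(['session_id' => 'constructed-id', 'user_id' => 42]);

$cases = [
    'written by HMAC-aware code'      => sign_hmac($payload, KEY),
    'written with old MD5 checksum'   => sign_md5($payload, KEY),
    'HMAC cookie with edited payload' => str_replace('i:42', 'i:43', sign_hmac($payload, KEY)),
];

foreach ($cases as $label => $cookie) {
    $ok = verify_hmac($cookie, KEY) !== null;
    printf("%-34s %s\n", $label, $ok ? 'accepted' : 'HMAC mismatch');
}
```

Only the first case is accepted. The second fails even though the key is correct, because the writer and the verifier disagree on the tag format, so any code that builds the session cookie itself has to be updated together with the library.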