PhotoPost Community - View Single Post - BUG report! PhPBB / Photopost session handling

bcddd214 · April 21st, 2007, 01:57 PM

Photopost has a definite bug in the cookie based session handling.
Photopost 5.5
PhP 4.3
PhPBB v unknown
Apache webserver
IE 7.0
FireFox

Fresh install of Photopost with PhPBB integration

Symtoms:
Users log into PhPBB interface script and maintain login status upon redirect.
When user clicks the Photopost section (Using FireFox), the user looses their login status. IE 7.0 works just fine.

Cookie Path = /
Cookie Prefix = phpbb2mysql
Cookie domain = "blank"

When cookie path is changed to .domain.com

Neither IE 7.0 or FireFox work!

Packet captures shows browser side is working correctly with session id handling with "blank domain"

Using IE 7.0

GET /phpbb/index.php?tab=photo_gallery&sid=1a567b967e64b25c99e5be7570404504 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.colormegorgeous.com/
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322)
Host: www.colormegorgeous.com
Connection: Keep-Alive
Cookie: PHPSESSID=108c923e1870129da4f82ad32f84e75c; phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22user

Here is Firefox

DATA:
GET /images/home_b_n.jpg HTTP/1.1
Host: www.colormegorgeous.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.colormegorgeous.com/photopost2/index.php
Cookie: PHPSESSID=61644db36c21926a6717b203deb050f8; __utma=13750821.1729382399.1177171796.1177171796.1177171796.1; __utmb=13750821; __utmc=13750821; __utmz=13750821.1177171796.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A2%3A%2259%22%3B%7D; phpbb2mysql_sid=fb60bd562db0ddc83560a174

Kindly fix your software and get back to us with the patch!

A step by step integration instead of a fresh install to allow users to maintain session handling would be very much appreciated!

We are paid and registered customers!

Brad
bcddd214@yahoo.com

April 21st, 2007, 01:57 PM	#1 (permalink)
bcddd214 Junior Member Verified Customer Join Date: Apr 2007 Posts: 28	BUG report! PhPBB / Photopost session handling Photopost has a definite bug in the cookie based session handling. Photopost 5.5 PhP 4.3 PhPBB v unknown Apache webserver IE 7.0 FireFox Fresh install of Photopost with PhPBB integration Symtoms: Users log into PhPBB interface script and maintain login status upon redirect. When user clicks the Photopost section (Using FireFox), the user looses their login status. IE 7.0 works just fine. Cookie Path = / Cookie Prefix = phpbb2mysql Cookie domain = "blank" When cookie path is changed to .domain.com Neither IE 7.0 or FireFox work! Packet captures shows browser side is working correctly with session id handling with "blank domain" Using IE 7.0 GET /phpbb/index.php?tab=photo_gallery&sid=1a567b967e64b25c99e5be7570404504 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Referer: http://www.colormegorgeous.com/ Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322) Host: www.colormegorgeous.com Connection: Keep-Alive Cookie: PHPSESSID=108c923e1870129da4f82ad32f84e75c; phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22user Here is Firefox DATA: GET /images/home_b_n.jpg HTTP/1.1 Host: www.colormegorgeous.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 Accept: image/png,/;q=0.5 Accept-Language: en-us Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.colormegorgeous.com/photopost2/index.php Cookie: PHPSESSID=61644db36c21926a6717b203deb050f8; __utma=13750821.1729382399.1177171796.1177171796.1177171796.1; __utmb=13750821; __utmc=13750821; __utmz=13750821.1177171796.1.1.utmccn=(direct)\|utmcsr=(direct)\|utmcmd=(none); phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A2%3A%2259%22%3B%7D; phpbb2mysql_sid=fb60bd562db0ddc83560a174 Kindly fix your software and get back to us with the patch! A step by step integration instead of a fresh install to allow users to maintain session handling would be very much appreciated! We are paid and registered customers! Brad bcddd214@yahoo.com Last edited by bcddd214; April 21st, 2007 at 02:06 PM.*