View Issue Details

IDProjectCategoryView StatusLast Update
0006064OXID eShop (all versions)4.02. Session handlingpublic2017-06-29 11:15
Reportergregor.hyneck 
PrioritynormalSeveritymajorReproducibilityrandom
Status acknowledgedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0006064: Login in subshop is valid in the parent shop
DescriptionWhen a user logs in the subshop, he is also logged in the parent shop (when opening them both in two browser tabs). The sid cookies of both shops remain the same if you refresh the tabs alternating. They do not refresh their sid cookie because the variable actshop is written to $_SESSION before session_start() was called (e.g. in oxconfig::init()). The variables written to $_SESSION before session_start() are not reliable (sometimes they get deleted, sometimes not).
Steps To Reproduce- create a subshop which inherits "settings, articles" from the parent shop (version EE 5.23)
- check that confbools[blMallUsers] is set to unchecked in the parent shop mall tab
- open 2 tabs in your Browser (Firefox 36 or Chrome 40): one with the parent shop and one with the subshop (&shp=2)
- create an account within the subshop and login
- reload the tab with the parent shop: user from subshop is logged in the parent shop. The value of the sid-cookie gets not refreshed for the parent subshop.
Additional InformationA bloody hotfix would be to save the variables of $_SESSION before session_start() and restore them afterwards.
TagsEE
ThemeAzure
BrowserAll
PHP Version5.3
MySQL Version5.5

Relationships

related to 0003075 resolvedLinas Kukulskis Active subshop ID value is dropped from session, default shop id is set 

Activities

There are no notes attached to this issue.