
Item7543: Disallow SESSION_VARIABLE variable to set/get/clear session variables starting with underscore


Detail

TWiki extensions can set/get/clear session variables persistently per user session with the TWiki::Func API. The session variables can be manipulated with the SESSION_VARIABLE variable.

In some cases it is desirable to hide extension-specific session variables from the SESSION_VARIABLE variable. For example, the EmailTwoStepAuthContrib needs to safely store the access code, so that it can't be hijacked by an intruder.

This small no-brainer enhancement: Session variable names starting with an underscore, such as _XYZ, can't be set/get/cleared using the SESSION_VARIABLE variable.

-- TWiki:Main/PeterThoeny - 2014-08-14
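
The rule described above, modelled in stand-alone Perl as an added example (not TWiki's own code and not part of the original item): extension code keeps full access through API-style functions, while the handler behind the SESSION_VARIABLE variable refuses any name starting with an underscore. The in-memory store, the function names, the parameter keys, the sample values and the empty-string result for a refused request are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration: a stand-alone model of the underscore rule, not TWiki source.
use strict;
use warnings;

my %session;    # stands in for one user's persistent session store

# Extension-side access, modelled on the TWiki::Func session API (hypothetical names).
sub set_session_value   { my ( $key, $value ) = @_; $session{$key} = $value; return 1 }
sub get_session_value   { my ($key) = @_; return $session{$key} }
sub clear_session_value { my ($key) = @_; delete $session{$key}; return 1 }

# Hypothetical handler for the SESSION_VARIABLE variable (topic-text side).
# $params->{_DEFAULT} is the variable name; 'set' and 'clear' select the action.
# Assumption: a refused request expands to the empty string and changes nothing.
sub session_variable {
    my ($params) = @_;
    my $name = $params->{_DEFAULT};
    return '' unless defined $name && length $name;
    return '' if $name =~ /^_/;    # underscore names: no set, get or clear
    if ( exists $params->{set} ) {
        set_session_value( $name, $params->{set} );
        return '';
    }
    if ( exists $params->{clear} ) {
        clear_session_value($name);
        return '';
    }
    my $value = get_session_value($name);
    return defined $value ? $value : '';
}

# An extension stores a secret under an underscore name (constructed values).
set_session_value( '_ACCESS_CODE', '493817' );
set_session_value( 'theme',        'dark' );

# Requests as they could arrive from topic text (constructed).
my @attempts = (
    [ 'get theme'          => { _DEFAULT => 'theme' } ],
    [ 'get _ACCESS_CODE'   => { _DEFAULT => '_ACCESS_CODE' } ],
    [ 'set _ACCESS_CODE'   => { _DEFAULT => '_ACCESS_CODE', set   => '000000' } ],
    [ 'clear _ACCESS_CODE' => { _DEFAULT => '_ACCESS_CODE', clear => '' } ],
);
for my $try (@attempts) {
    printf "%-20s -> '%s'\n", $try->[0], session_variable( $try->[1] );
}
printf "API still sees _ACCESS_CODE = %s\n", get_session_value('_ACCESS_CODE');
```

The check sits only in the topic-text handler, so the protection depends on extensions choosing underscore-prefixed names for anything sensitive.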

ItemTemplate
Summary Disallow SESSION_VARIABLE variable to set/get/clear session variables starting with underscore
ReportedBy TWiki:Main.PeterThoeny
Codebase ~twiki4, 6.0.0
SVN Range TWiki-6.0.1-trunk, Thu, 07 Aug 2014, build 27861
AppliesTo Engine
Component

Priority Enhancement
CurrentState Closed
WaitingFor

Checkins TWikirev:27903 TWikirev:27904 TWikirev:27905 TWikirev:27906
TargetRelease patch
ReleasedIn 6.0.1
Topic revision: r7 - 2014-10-06 - PeterThoeny
 