Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

So sick of this error!!


Go to End


10 Posts   4791 Views

Avatar
UncleCheese

Forum Moderator, 4102 Posts

2 October 2009 at 4:30am

Yeah, that character has changed the way I code. :)

Glad I posted this.. This problem plagued me for over a year.

Avatar
Artyom

Community Member, 22 Posts

13 October 2011 at 8:25am

Edited: 13/10/2011 9:33am

This bug *might* also be responsible for odd login behavior and an add cookie / security issue that I've never seen before. When an end user is (incorrectly) given a url to something they shouldn't have access to, like a "?stage=Stage" URL, they try to hit it. After that point they cannot hit *any* page at all on the live site, without SS first trying to authenticate them. crazy! has anyone seen this before??

My client sent a newsletter out to 800 some people with bad URL's and now no one that clicked on them can see the site without clearing thier cookies. grr

[EDIT]
with some help from simon_w and others on IRC, here's what fixed it:

in init()

public function init()
{
if( Session::get('loggedInAs') == null ) {
Versioned::reset();
}
parent::init();
}

So basically, calling a url with ?stage=Stage sets some cookies, so that links work when your browsing the stage site. THat is desired. But in my edge case, that resulted in users repeatedly being authenticated even for ordinary urls. I'm not sure why code like this wouldn't be in core. Does anyone think I should file a bug? thoughts?

Go to Top