SMF 2.0.19 has been released! Please update. Read more.
Started by Orstio, April 01, 2010, 05:46:51 PM
Quote from: Nao on June 07, 2010, 12:23:49 PMNorv has set a RC4 flag on this bug report so I guess he considers it should be fixed as a priority.
Quote from: Nao on June 07, 2010, 12:23:49 PMI myself had many problems in the past with subdomains, but they were mainly due to security violation when submitting forms through Ajax from one subdomain to another. Now, I don't know if this bug is related (I haven't got much time to look into it either.)
Quote from: Nao on June 07, 2010, 12:23:49 PM Is it something that happens because the session variable can't be put into the login form from the non-forum subdomain? Or something that happens AFTER posting the form? Or non-matching session variables?I can't even see a session var in your distant form...
Quote from: Nao on June 07, 2010, 12:23:49 PMBTW, your password is no longer active.
Quote from: Norv on June 07, 2010, 12:42:08 PMMy apologies for the delay, MultiformeIngegno.
Quote from: MultiformeIngegno on June 08, 2010, 10:50:06 AMI've tried your test page and it works!! What does this mean? Are you able to fix SSI.php
Quoteor it works because you are not using SSI.php (bad news, because means that ssi.php remains bugged)? What's the issue with the "default" sessions?
QuoteP.S.: Have you however reproduced this bug on a fresh installation?
Quote from: Arantor on June 08, 2010, 12:02:23 PMNao: I believe the sha1.js is of security implications; remember when the password is sent, assuming JS is enabled, the password is actually hashed before it's sent and sent into a different $_POST element (and the main password item is emptied)