
Joomla 1.0.13 changes the admin session code to improve security, which broke CiviCRM. From the release announcement:
Improved Administrative Session Security
To address a potential issue known as "session fixation" attacks, we have implemented some small changes into Joomla! 1.0.13 to improve the security of administrative sessions. Administrative sessions will now be destroyed and recreated with each request in order to prevent session fixation and session hijacking attacks.
We expected session_id( ) to return the same value every time, which it does not with the above fix. Hence things broke.
We cache the session_id we use the first time; hence we're guaranteed a unique value, and we remember and use the same value once we cache it.
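
The behaviour described in this issue and the caching fix, as an added example that is not CiviCRM's or Joomla's own code. It assumes the per-request rotation can be modelled with session_regenerate_id(true); stable_session_key(), handle_request() and the 'stable_key' array key are hypothetical names.

```php
<?php
// Added example, run from the PHP CLI. Three simulated admin requests share one
// session whose ID is rotated on every request, as the announcement describes.

// CLI-friendly session settings: no cookies or cache headers, writable save path.
ini_set('session.use_cookies', '0');
ini_set('session.cache_limiter', '');
session_save_path(sys_get_temp_dir());

// Hypothetical helper: a key that stays constant for the life of the session.
// The first call stores the session ID in force at that moment; later calls
// return the stored copy, however often the live session ID has changed since.
function stable_session_key(): string
{
    if (!isset($_SESSION['stable_key'])) {
        $_SESSION['stable_key'] = session_id();
    }
    return $_SESSION['stable_key'];
}

// One simulated request: open the session, rotate its ID (assumed stand-in for
// the Joomla 1.0.13 change), then read both the live ID and the cached key.
function handle_request(): array
{
    session_start();
    session_regenerate_id(true);   // new ID, old session data carried over
    $row = [
        'session_id' => session_id(),
        'stable_key' => stable_session_key(),
    ];
    session_write_close();         // persist $_SESSION under the new ID
    return $row;
}

$rows = [];
for ($i = 0; $i < 3; $i++) {
    $rows[] = handle_request();
}

// Output is deferred until all session calls are done, because PHP refuses to
// start or regenerate a session once output has been sent.
foreach ($rows as $i => $row) {
    printf("request %d  session_id=%s  stable_key=%s\n",
        $i + 1, $row['session_id'], $row['stable_key']);
}
```

The session_id column differs on every line while stable_key does not, which is the property the code depending on session_id() was missing. The cached value is only an internal lookup key: it lives in server-side session data and is never accepted from the client as a session identifier, so the rotation still does its job against fixation.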