Details
Type: Bug
Status: Done/Fixed
Priority: Major
Resolution: Fixed/Completed
Affects Version/s: 1.7, 1.8
Fix Version/s: 1.8
Component/s: None
Labels: None
Description
Joomla 1.0.13 changes the admin session code to improve security, which broke CiviCRM. From the release announcement:
Improved Administrative Session Security
To address a potential issue known as "session fixation" attacks, we have implemented some small changes into Joomla! 1.0.13 to improve the security of administrative sessions. Administrative sessions will now be destroyed and recreated with each request in order to prevent session fixation and session hijacking attacks.
We expected session_id() to return the same value every time, which it does not with the above fix. Hence things broke.
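A minimal model of the failure described above, added here as an illustration and not taken from Joomla or CiviCRM code: the store class, the two handlers and the `hits` counter are hypothetical, and Python stands in for PHP's session handling. It shows application state keyed by the session id being lost when the id is destroyed and recreated on each request, while state kept inside the session data survives the rotation.

```python
import secrets


class AdminSessionStore:
    """Hypothetical server-side store that rotates the session id per request."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def login(self):
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid

    def begin_request(self, presented_sid):
        """Destroy the presented session and recreate it under a fresh id."""
        data = self._sessions.pop(presented_sid)  # a stale or fixed id raises KeyError
        new_sid = secrets.token_hex(16)
        self._sessions[new_sid] = data
        return new_sid, data


def run_requests(store, sid, handler, count):
    """Replay `count` requests, sending the rotated id back like a cookie."""
    results = []
    for _ in range(count):
        sid, data = store.begin_request(sid)
        results.append(handler(sid, data))
    return results


# Fragile pattern: state lives outside the session, keyed by the session id.
side_table = {}


def fragile_handler(sid, data):
    state = side_table.setdefault(sid, {"hits": 0})  # new id, so state starts empty
    state["hits"] += 1
    return state["hits"]


# Robust pattern: state lives inside the session data, which follows the rotation.
def robust_handler(sid, data):
    data["hits"] = data.get("hits", 0) + 1
    return data["hits"]


if __name__ == "__main__":
    store = AdminSessionStore()
    print(run_requests(store, store.login(), fragile_handler, 3))  # [1, 1, 1]
    print(run_requests(store, store.login(), robust_handler, 3))   # [1, 2, 3]
```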