
captcha use dedicated session cookie fix #602

Open artlog opened this issue 2 years ago • 2 comments

  • handle whole captcha stateful phrase read within function global_captcha_check
  • there is a dedicated cookie named captcha used to find phrase corresponding to displayed image from server php session
  • make sure to close session that will be recreated for token or smstoken purposes since it is not possible to keep multiple sessions open

TODO :

  • fail captcha earlier without any additional checking.
  • use other means to persist data on server side than using session.
  • don't use cookie at all

artlog, Jul 18 '22 16:07

Hello, tested it and it works. We indeed introduce cookies but this should not be blocking.

Would you like to keep working on this issue or are you confident enough to merge it?

coudot, Jul 19 '22 15:07

I'm confident enough that it can be merged, reworking it will be a longer term plan.

artlog, Jul 20 '22 05:07
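
The mechanism outlined in the description at the top of this page (a dedicated `captcha` cookie that locates the phrase in a server-side PHP session, closed again before the token or smstoken session is opened), as an added PHP example that is not the project's code. The helper names, the `phrase` session key and the single-attempt policy are assumptions; it also assumes it runs before any output is sent.

```php
<?php
// Added illustration, not self-service-password code. Helper names and the
// 'phrase' session key are assumptions; only the cookie name comes from the post.
const CAPTCHA_COOKIE = 'captcha';

// Open the PHP session addressed by the dedicated captcha cookie.
function captcha_session_open(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();               // only one session can be open at a time
    }
    ini_set('session.use_strict_mode', '1'); // refuse ids the server never issued
    session_name(CAPTCHA_COOKIE);
    $id = $_COOKIE[CAPTCHA_COOKIE] ?? '';
    // The id left over from a previously closed session must be replaced:
    // reuse the cookie value only if it looks like a PHP session id.
    $valid = is_string($id) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
    session_id($valid ? $id : session_create_id());
    session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
}

// Called when the captcha image is rendered: remember the expected phrase.
function captcha_store(string $phrase): void
{
    captcha_session_open();
    $_SESSION['phrase'] = $phrase;
    session_write_close();                   // release it before a token session starts
}

// Called on form submission: compare once, then forget the phrase.
function captcha_check(string $submitted): bool
{
    captcha_session_open();
    $expected = $_SESSION['phrase'] ?? null;
    unset($_SESSION['phrase']);              // assumption: one attempt per phrase
    session_write_close();
    return is_string($expected) && $expected !== ''
        && hash_equals($expected, $submitted);
}
```

Because `captcha_check()` closes its session before returning, a later `session_start()` under a different session name for token handling does not collide with it.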