Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Store session ID hashed in the DB #15390

Merged
merged 1 commit into from Jan 20, 2020
Merged

Store session ID hashed in the DB #15390

merged 1 commit into from Jan 20, 2020

Conversation

tsteur
Copy link
Member

@tsteur tsteur commented Jan 14, 2020

No description provided.

@tsteur tsteur added the Needs Review PRs that need a code review label Jan 14, 2020
@tsteur tsteur added this to the 4.0.0 milestone Jan 14, 2020
@sgiehl
Copy link
Member

sgiehl commented Jan 20, 2020

Looks good and works locally. Wondering if that might make any problems while updating. If the user is currently logged in, I guess he will be automatically logged out with the code changes as the session can't be found anymore 🤔

@tsteur
Copy link
Member Author

tsteur commented Jan 20, 2020

@sgiehl it should be fine if they are logged out since they will still be able to complete the updater. Once updating is started basically anyone can complete it.

@tsteur tsteur merged commit 9af1598 into 4.x-dev Jan 20, 2020
@tsteur tsteur deleted the hashsessionid branch January 20, 2020 18:52
@mattab mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Sep 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Needs Review PRs that need a code review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants