Welcome Guest, Not a member yet? Register   Sign In
session()->stop() not destroying data

Is there no urgent way to address major security holes in CodeIgniter? I looked for one, but couldn't find anything. How would somebody responsibly report a newly found major flaw, rather than telling the world before it can be fixed?

Obviously "newly found" does not apply to this problem, but... good grief, SOMEHOW this needs to be escalated and fixed by those who have the knowledge and time to do that.

If nobody can address gaping security holes in CodeIgniter, please tell me now so that I can immediately drop all use of it.

That this major security flaw may have been allowed to exist since 2017 without any serious attention severely damages CI4 credibility. This makes me wonder if I need to immediately abandon CodeIgniter as a lost ship and find something else to build on.

And you can think "fine, go, we don't need you" but ... this is insane. Fix this inexcusable security hole for remaining CodeIgniter developers who don't even know it exists!

How many sites out there - and their users who think they're logging out when, in fact, they're staying logged in for whoever uses that computer next - are vulnerable due to this flaw? I'm glad I didn't put any CI4 code into production. Yikes, what a mess.

And what a harsh demonstration of needing to thoroughly test all functionality, including that which is provided by libraries and frameworks.

Messages In This Thread
session()->stop() not destroying data - by beng - 04-22-2020, 03:51 PM
RE: session()->stop() not destroying data - by Crenel - 05-14-2023, 10:59 PM

Theme © iAndrew 2016 - Forum software by © MyBB