Welcome Guest, Not a member yet? Register   Sign In
session()->stop() not destroying data

The main repo has information about report vulnerabilities.

I mentioned it in the repo yesterday, but it looks like the error was in the documentation.

That's completely my fault, as I originally ported the code and user guide from v3 to v4 and didn't understand the session library enough at that time. AFAIK there has only been one time this was brought to our attention prior to you reporting it recently. I'm guess I didn't go and check the user guide after verifying there was not a bug in the code on that initial report.

The intent of the stop() method, as I understand it, was simply to close the session out, not destroy the session, freeing things up for when under heavy traffic.

We will definitely update the user guide and release another security disclosure about it when we've resolved it. We would have done so earlier if we had realized the error.

Messages In This Thread
session()->stop() not destroying data - by beng - 04-22-2020, 03:51 PM
RE: session()->stop() not destroying data - by kilishan - 05-15-2023, 01:52 PM

Theme © iAndrew 2016 - Forum software by © MyBB