[Phpmyadmin-devel] how to allow access to page without token

Michal Čihař michal at cihar.com
Thu Oct 3 15:43:47 CEST 2013


Hi

On Thu, 3 Oct 2013 15:34:16 +0200
Mohamed Ashraf <mohamed.ashraf.213 at gmail.com> wrote:

> yes normally it is but during logout the token is reset multiple times and
> is changed after the page is loaded somewhere so when the
> get_scripts.js.php is being fetched an old and invalid token is used thus
> the page is not displayed.
> 
> here is what happens:
> 1 - the logout page is requested,
> 2 - token is reset since the user is not logged in
> 3 - then the html is created to load the get_scripts file using this new
> token which is correct
> 4 - some time after this the token is reset again. I don't know where this
> happens. I output the token in the end of the response class response
> method and it is still the same.
> 5 - the request to the get_script file is made using the old token which is
> rejected

I don't see a need to load anything from common.inc or do token protection
on get_script, please comment:

https://github.com/phpmyadmin/phpmyadmin/pull/729

-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com