Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25476

User hash headers should vary on cookie (regression)

    XMLWordPrintable

    Details

      Description

      The fix for EZP-25204 causes a regression, in that symfony user-hash response headers do not vary by cookie, which causes them to be cached.

      The result is that after a user with rights visits an otherwise unaccessible content, logging out and visiting the same content with anonymous user will be possible

      • Enable symfony http cache or varnish reverse-proxy
      • define a new section and add a document to this section (e.g. /test).
      • anonymous user have rights for read doc in section standard only
      • define a user "b" with read rights to the new section
      • login with user "b" and visit /test
      • logout
      • visit the page again with anonymous and it will be accessible

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            joao.inacio-obsolete@ez.no Joao Inacio (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: