  1. eZ Publish / Platform
  2. EZP-25476

User hash headers should vary on cookie (regression)

    Details

      Description

      The fix for EZP-25204 causes a regression, in that Symfony user-hash response headers do not vary by cookie, which causes them to be cached.

      The result is that after a user with rights visits otherwise inaccessible content, logging out and visiting the same content as the anonymous user will be possible.

      • Enable the Symfony HTTP cache or a Varnish reverse proxy.
      • Define a new section and add a document to this section (e.g. /test).
      • The anonymous user has read rights for documents in the standard section only.
      • Define a user "b" with read rights to the new section.
      • Log in as user "b" and visit /test.
      • Log out.
      • Visit the page again as anonymous and it will be accessible.
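
A simplified model of the reproduction steps above, added here as an illustration and not taken from the eZ Publish kernel or its fix: a shared cache that honours `Vary` serves user "b"'s cached hash to the anonymous user unless the hash response varies on `Cookie`. The lookup URL `/_user_hash`, the `X-User-Hash` header name, the cookie values and the hash strings are constructed assumptions.

```python
# Simplified model (constructed): a shared cache that honours Vary, an origin
# that answers user-hash lookups, and an origin that serves /test by hash.
HASHES = {"session=b": "hash-b", "": "hash-anon"}  # constructed cookie -> user hash
ALLOWED = {"hash-b"}                               # hashes allowed to read /test


class Cache:
    def __init__(self):
        self.store = {}  # url -> list of (varied request header values, response)

    def fetch(self, url, headers, origin):
        for varied, resp in self.store.get(url, []):
            # Hit only if every header named in Vary matches the stored request.
            if all(headers.get(h, "") == v for h, v in varied.items()):
                return resp
        resp = origin(headers)
        varied = {h: headers.get(h, "") for h in resp["vary"]}
        self.store.setdefault(url, []).append((varied, resp))
        return resp


def hash_origin(vary):
    # Returns the hash-lookup handler; `vary` is the Vary list it emits.
    return lambda headers: {"vary": vary, "user_hash": HASHES[headers.get("Cookie", "")]}


def content_origin(headers):
    ok = headers.get("X-User-Hash") in ALLOWED
    return {"vary": ["X-User-Hash"], "status": 200 if ok else 403}


def visit(cache, cookie, hash_vary):
    # Step 1: the proxy resolves the user hash; step 2: it fetches /test with it.
    lookup = cache.fetch("/_user_hash", {"Cookie": cookie}, hash_origin(hash_vary))
    page = cache.fetch("/test", {"X-User-Hash": lookup["user_hash"]}, content_origin)
    return page["status"]


def scenario(hash_vary):
    # User "b" visits /test, logs out, then the anonymous user visits /test.
    cache = Cache()
    return [visit(cache, "session=b", hash_vary), visit(cache, "", hash_vary)]


if __name__ == "__main__":
    print("hash response without Vary: Cookie ->", scenario([]))
    print("hash response with Vary: Cookie    ->", scenario(["Cookie"]))
```
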

        Activity

        Joao Inacio (Inactive) added a comment - PR: https://github.com/ezsystems/ezpublish-kernel/pull/1587
        Joao Inacio (Inactive) added a comment - Merged to master: https://github.com/ezsystems/ezpublish-kernel/commit/50b4152f842dbb963e3c9e83cf74b9205122e47a
        Rui Silva (Inactive) added a comment - Tested and approved by QA for 5.4 and master.

          People

          • Assignee: Unassigned
          • Reporter: Joao Inacio (Inactive)