Mon, 03 Aug 2009 02:58:43 -0400 Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
Dan [Mon, 03 Aug 2009 02:58:43 -0400] rev 1071
Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.
(0) -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 tip