Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Register
  • Sign in
  • Synchronet Synchronet
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 219
    • Issues 219
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 1
    • Merge requests 1
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

This GitLab instance has migrated as of Nov-5-2022 to a new server: hardware, OS, SSH key

The v3.20a development branch has now been merged to the master branch. Sysops upgrading from earlier versions must run 'jsexec update'

  • MainMain
  • SynchronetSynchronet
  • Merge requests
  • !237

Aripoll auth wtf

  • Review changes

  • Download
  • Email patches
  • Plain diff
Closed echicken requested to merge aripoll-auth-wtf into master Jan 03, 2023
  • Overview 1
  • Commits 2
  • Pipelines 0
  • Changes 1

Sysop aripoll reported inability to log into webv4. BBS is running on "Linux Debian 11 on a raspi 4, 32 bits".

Tracked problem down to session key, which had "undefined" tacked on some hundreds of times, exceeding the max cookie size (I suspect) and mismatching the key between client and server. Each instance of "undefined" should've been a character randomly selected from an array of strings, but was not. Some invalid index was being used to access the array of strings, I don't know what. This seemed to begin after eight iterations, don't know if that was consistent.

I suspect we were running afoul of some platform-specific JS optimization or bug. Made an educated guess and introduced a case where the random number might (but never actually would) be logged; seems to have resolved the problem.

Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: aripoll-auth-wtf