Skip to content
Snippets Groups Projects

Aripoll auth wtf

Merged Aripoll auth wtf
aripoll-auth-wtf into master
Merged echicken requested to merge aripoll-auth-wtf into master

Sysop aripoll reported inability to log into webv4. BBS is running on "Linux Debian 11 on a raspi 4, 32 bits".

Tracked problem down to session key, which had "undefined" tacked on some hundreds of times, exceeding the max cookie size (I suspect) and mismatching the key between client and server. Each instance of "undefined" should've been a character randomly selected from an array of strings, but was not. Some invalid index was being used to access the array of strings, I don't know what. This seemed to begin after eight iterations, don't know if that was consistent.

I suspect we were running afoul of some platform-specific JS optimization or bug. Made an educated guess and introduced a case where the random number might (but never actually would) be logged; seems to have resolved the problem.

Merge request reports

Pipeline #3584 passed

Stage: build

Pipeline passed for 5325cc69 on aripoll-auth-wtf

Approval is optional

Merged by Rob SwindellRob Swindell 2 years ago (Jan 3, 2023 10:30pm UTC)

Merge details

  • Changes merged into master with f05551d2 (commits were squashed).
  • Deleted the source branch.

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
Please register or sign in to reply