I am having a quite sensitive problem. I will explain the problem with
an example. Let's say I connect with user A and begin a chat with user
B. I then log out from my account and user C uses the same browser on the
computer I used. If user C begins a discussion with user B, he will see
all previous discussions of users A and B.
It seems that previous chat is stored in some cache or some chat table
that should be completely cleared upon logout.
I have then created a patch that solves the issue by specifying a path when setting the DRUPALCHAT_NEWLOGIN cookie.
Thanks,
Mika
File | Size | Author |
---|---|---|
fix-cookie-path.patch | 873 bytes | mikaoelitiana@gmail.com |
Comments
Comment #1
greggles
Per https://drupal.org/security-advisory-policy this issue can be fixed in public since it affects a branch that does not have a stable release.
Comment #2
darklrd
Thanks for the patch. It has been committed - http://drupalcode.org/project/drupalchat.git/commit/5bdcec5.
Comment #3
greggles
FWIW, the proposed patch doesn't seem to me like it would actually address the stated problem. @darklrd, did you confirm the problem and that the patch fixes it?
Comment #5
darklrd
Hi greggles,
The problem is that the DrupalChat module uses client-side local storage to store chat data and there seems to be no way via PHP to remove it. So, the only way seems to be to clear local storage via JS on logout/login.
Another, better way may be to remove client-side storage altogether, but then it would increase load server side (to reload chat-related data on page change).
Thanks!
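The clear-on-login approach described in comment #5, sketched as an added example (not code from the DrupalChat module or from any commenter). It goes one step beyond the thread by also purging when the stored owner id differs from the current user, so the cleanup does not depend only on the cookie arriving. The `drupalchat` key prefix, the `_owner` key and the cookie value `1` are assumptions; only the cookie name comes from the issue.

```javascript
// Added example. The "drupalchat" key prefix, the "_owner" key and the
// cookie value "1" are assumptions; only the cookie name is from the issue.
const CHAT_KEY_PREFIX = "drupalchat";
const OWNER_KEY = CHAT_KEY_PREFIX + "_owner";
const NEWLOGIN_COOKIE = "DRUPALCHAT_NEWLOGIN";

// Parse a document.cookie-style string into a Map of name -> value.
function parseCookies(cookieString) {
  const cookies = new Map();
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    cookies.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return cookies;
}

// Remove every chat key from a Web Storage-like object; return the removed keys.
function purgeChatStorage(storage) {
  const doomed = [];
  // Collect first: removing while walking by index shifts the remaining keys.
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (key !== null && key.startsWith(CHAT_KEY_PREFIX)) doomed.push(key);
  }
  doomed.forEach((key) => storage.removeItem(key));
  return doomed;
}

// Run on page load, before the chat UI reads anything from storage.
function purgeOnAccountChange(storage, cookieString, currentUid) {
  const newLogin = parseCookies(cookieString).get(NEWLOGIN_COOKIE) === "1";
  // A missing owner record is treated as a change: unowned history is not trusted.
  const ownerChanged = storage.getItem(OWNER_KEY) !== String(currentUid);
  const removed = newLogin || ownerChanged ? purgeChatStorage(storage) : [];
  storage.setItem(OWNER_KEY, String(currentUid));
  return removed;
}

// Minimal in-memory stand-in for window.localStorage (constructed for the demo).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}
```

In a browser the call would be `purgeOnAccountChange(window.localStorage, document.cookie, uid)`, with `uid` supplied by the page for the logged-in user.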
Comment #6
apaderno