#6235 - Enforce keep_session more aggressively
-
By PDStig
- Added
- 15 views
| Identifier | #6235 |
|---|---|
| Issue type | Minor issue (breaks specific functionality) |
| Title | Enforce keep_session more aggressively |
| Status | Completed |
| Tags |
Roadmap: v11 (custom) |
| Handling member | PDStig |
| Version | 11 beta8 |
| Addon | core |
| Description | If cookies are disabled (or rejected), we need to be more aggressive with keep_session. When rendering any content, any hyperlinks which match the base URL should be session-enforced (so keep_session is applied, or removed, as applicable). Don't just assume Comcode will take care of this; WYSIWYG might bypass this. |
| Steps to reproduce | |
| Funded? | No |
| Commits |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
This hotfix puts in place enforce_sessioned_html to enforce sessions on all links (pointing to the base URL) when possible.
This is not an ideal fix as it makes us have to evaluate the entire output HTML and then run preg_replace on it. However, essential cookies are enforced once a selection is made on cookie consent; so this should rarely ever actually be needed.
Nonetheless, it seems to work quite well. Though it will not work on relative URLs, only absolute ones.