Security issue in logoff.php
There is a flaw in the default osCommerce logoff page: after logging off, a person can press the browser's back button and reload the last page with the expired session, which could be something private such as the account history page. Whoever is at that browser can then see whatever information that page showed.
The default osCommerce logoff.php only needs a small piece of code added so that it destroys the session and redirects to (refreshes) the logoff page itself. Then, if the back button is pressed, the logoff page stays locked on itself in a loop and never returns to any previously cached page in the history.
In catalog/logoff.php, near the top, FIND:
include('includes/application_top.php');
IMMEDIATELY BELOW it ADD this code:
// BEGIN LOGOFF BACK BUTTON SECURITY FIX
// Do not let the customer use the back button or refresh to get back in after logoff
if (tep_session_is_registered('customer_id')) {
  //$navigation->set_snapshot();
  tep_session_destroy(); // the snapshot line above is disabled and replaced by a destroy, so the back button cannot reveal potentially private info
  tep_redirect(tep_href_link(FILENAME_LOGOFF, '', 'SSL')); // redirect to FILENAME_LOGOFF instead of FILENAME_DEFAULT to lock in the loop
}
// END LOGOFF BACK BUTTON SECURITY FIX
Now, if someone leaves their browser open and somebody else comes along and hammers the back button to snoop, it does not matter how many times they click it: the logoff page only refreshes itself, because the session is long gone and the page tells itself to do nothing but refresh, never letting them move on anywhere else.
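The flow above, as an added example in Python that is not osCommerce code: a small in-memory session store, a customer-only page, a logoff handler that mirrors the fixed logoff.php, and a replay of the browser history with the dead session cookie. The names FILENAME_ACCOUNT, login(), browse() and back_button_scenario() are constructed for this model; the tep_* helpers only imitate the osCommerce functions of the same name.

```python
# Added example, not osCommerce code: models the fixed logoff.php so the
# back-button behaviour can be checked without a web server.
from dataclasses import dataclass
from typing import Optional
import secrets

FILENAME_LOGOFF = "logoff.php"
FILENAME_ACCOUNT = "account_history.php"   # hypothetical customer-only page
FILENAME_LOGIN = "login.php"

# Server-side session store keyed by session id (the role PHP's session files play).
SESSIONS: dict[str, dict] = {}


@dataclass
class Response:
    status: int
    body: str = ""
    location: Optional[str] = None  # set on 302 redirects


def tep_session_is_registered(sid: str, key: str) -> bool:
    """Imitation of the osCommerce helper: is `key` registered in this session?"""
    return key in SESSIONS.get(sid, {})


def tep_session_destroy(sid: str) -> None:
    """Imitation of the osCommerce helper: drop the whole server-side session."""
    SESSIONS.pop(sid, None)


def login(customer_id: int) -> str:
    """Create a session with customer_id registered; return its id (the cookie value)."""
    sid = secrets.token_hex(8)
    SESSIONS[sid] = {"customer_id": customer_id}
    return sid


def account_page(sid: str) -> Response:
    """Customer-only page: private data when logged in, otherwise redirect to login."""
    if not tep_session_is_registered(sid, "customer_id"):
        return Response(302, location=FILENAME_LOGIN)
    cid = SESSIONS[sid]["customer_id"]
    return Response(200, body=f"order history for customer {cid}")


def logoff_page(sid: str) -> Response:
    """Mirror of the fixed logoff.php: a live session is destroyed and the client is
    redirected to logoff.php itself; with no session the plain logoff page renders."""
    if tep_session_is_registered(sid, "customer_id"):
        tep_session_destroy(sid)
        return Response(302, location=FILENAME_LOGOFF)
    return Response(200, body="You have been logged off.")


def browse(sid: str, page: str) -> Response:
    """Dispatch one request carrying the session cookie, as a browser would."""
    return {FILENAME_LOGOFF: logoff_page, FILENAME_ACCOUNT: account_page}[page](sid)


def back_button_scenario() -> list:
    """Log in, view a private page, log off, then replay the history entries with
    the same (now dead) session cookie. Returns what each step displayed."""
    sid = login(customer_id=42)
    shown = []
    shown.append(browse(sid, FILENAME_ACCOUNT).body)       # private data, legitimately
    r = browse(sid, FILENAME_LOGOFF)                         # destroys session, 302 to itself
    shown.append(f"redirect:{r.location}")
    shown.append(browse(sid, r.location).body)              # following the redirect: plain logoff page
    # Someone presses Back: the private page now bounces to login,
    # and logoff.php simply renders itself again.
    r = browse(sid, FILENAME_ACCOUNT)
    shown.append(f"redirect:{r.location}")
    shown.append(browse(sid, FILENAME_LOGOFF).body)
    return shown


if __name__ == "__main__":
    for step in back_button_scenario():
        print(step)
```

Running it prints the private page once (before logoff), then the redirect to logoff.php, the logoff page, the redirect to login.php for the replayed account page, and the logoff page again. Note that this protects against the server re-serving private content; a copy of the account page the browser kept in its own cache is a separate matter that server-side session handling cannot reach.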
Posted by admin
30.Dec.07
Security tips