[#8771] - Long submit of a domain causes null user and temporary super user access

Category:
Bug report
Priority:
Normal
Status:
New
Project: Severity:
Minor
Resolution:
Open
Component: Reproducibility:
Sometimes
Assigned to:

I noticed an odd behaviour when submitting a domain and loading a page within the same browser session.

While developing one of our domains we had got it to a state where it was loading a large amount of fields which was causing the submission of the domain to take a bit longer to load.

After loading for a little while the loading window will flash. Once that's happened loading another page in the browser session will show the username as null and will allow access to pages that the user shouldn't have access to i.e. the server settings. I was logged in as jasperadmin when editing the domain but was able to access superuser pages. This side effect only seems to last while the submission requests occurs and will return back to normal when the submission has finished and the page is reloaded.

The username will be lost and extra access is gained every time after the loading window flashes but I've only been able to do that with one domain.

It's like the authentication details are lost in the session after a long request and the security checks treat null as valid.

Uploaded is a screen shot of the null username and the log settings page.

AttachmentSize
Image icon null_user.jpg106.2 KB
v6.3.0
nhodder's picture
Joined: Feb 19 2016 - 6:54pm
Last seen: 5 years 9 months ago
Feedback