  1. Bitbucket Data Center
  2. BSERV-5105

Captcha verification is broken in 3.2


Details

    • Bug
    • Resolution: Duplicate
    • Medium
    • None
    • 3.2.0
    • Enterprise
    • None

    Description

      Verification of CAPTCHA is broken on Stash 3.2. The problem is indirectly caused by use of Hazelcast's session replication. Hazelcast wraps the Tomcat HttpSession with its own wrapper, which has a different session ID.

      When the CAPTCHA challenge is created, the CAPTCHA token is stored against the session ID obtained from HttpSession.getId(). However, when the provided token is verified, it's retrieved using HttpServletRequest.getRequestedSessionId(), which differs. Therefore the token is not found and an error occurs.
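
The key mismatch described above, as an added example that is not Stash, Tomcat or Hazelcast code: every class here is a hypothetical stand-in and the sample IDs and token are constructed. It stores a token under the session object's ID, then looks it up once by the requested (cookie) ID and once by the session object's ID, with and without a wrapper that reports its own ID.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration; ContainerSession, WrappedSession, Request and
// CaptchaStore are hypothetical stand-ins, not real product classes.
public class CaptchaSessionKeyDemo {
    interface Session { String getId(); }

    // Container session: its ID is the value the client holds in its cookie.
    record ContainerSession(String id) implements Session {
        public String getId() { return id; }
    }

    // Replication wrapper that exposes its own ID, as the report describes.
    static final class WrappedSession implements Session {
        private final String ownId = "HZ" + UUID.randomUUID();
        public String getId() { return ownId; }
    }

    // Minimal request: the client-sent session ID plus the session the app sees.
    record Request(String requestedSessionId, Session session) {}

    static final class CaptchaStore {
        private final Map<String, String> tokens = new HashMap<>();

        void issue(Request r, String token) { tokens.put(r.session().getId(), token); }

        // Lookup keyed by the requested ID: a different key source than issue().
        boolean verifyByRequestedId(Request r, String answer) {
            return answer.equals(tokens.get(r.requestedSessionId()));
        }

        // Lookup keyed by the session object's ID: same key source as issue().
        boolean verifyBySessionId(Request r, String answer) {
            return answer.equals(tokens.get(r.session().getId()));
        }
    }

    public static void main(String[] args) {
        String cookieId = "A1B2C3"; // constructed sample value
        Request plain = new Request(cookieId, new ContainerSession(cookieId));
        Request wrapped = new Request(cookieId, new WrappedSession());
        for (Request r : new Request[] { plain, wrapped }) {
            CaptchaStore store = new CaptchaStore();
            store.issue(r, "x7k9q"); // constructed sample token
            System.out.printf("%s: byRequestedId=%b bySessionId=%b%n",
                r.session().getClass().getSimpleName(),
                store.verifyByRequestedId(r, "x7k9q"),
                store.verifyBySessionId(r, "x7k9q"));
        }
    }
}
```

In the servlet API, getRequestedSessionId() returns the ID the client sent, which is not guaranteed to match the current session, so server-side state is better keyed by one source on both the write and the read path.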

            People

              mheemskerk Michael Heemskerk (Inactive)