Skip to content

Instantly share code, notes, and snippets.

@piotrekkaminski

piotrekkaminski/invalid_session_fix.patch

Created March 14, 2018 17:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save piotrekkaminski/9f6af10b3a2c2961828d9e5f76def9fa to your computer and use it in GitHub Desktop.
Save piotrekkaminski/9f6af10b3a2c2961828d9e5f76def9fa to your computer and use it in GitHub Desktop.
Download ZIP
Revert guest checkout account registration problem introduced by patch SUPEE-10570. Note: this does not protect against security issues related to session lifetime.
Raw
invalid_session_fix.patch
diff --git a/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php b/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
index 59b3ea8..35155f1 100644
--- a/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
+++ b/app/code/core/Mage/Core/Model/Session/Abstract/Varien.php
@@ -485,7 +485,7 @@ class Mage_Core_Model_Session_Abstract_Varien extends Varien_Object
&& isset($validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP])
&& isset($sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP])
&& $validatorData[self::VALIDATOR_PASSWORD_CREATE_TIMESTAMP]
- > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP] - $this->getCookie()->getLifetime()
+ > $sessionData[self::VALIDATOR_SESSION_EXPIRE_TIMESTAMP]
) {
return false;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment