17953: newtest/Y in URL is not clearing session - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

17953	Bug reports	Security	public	2022-03-14 17:53	2022-03-15 08:29

Reporter	segui	Assigned To	galads
Priority	none	Severity	partial_block
Status	closed	Resolution	duplicate
Product Version	5.x

Summary	17953: newtest/Y in URL is not clearing session
Description	Background: I have a close survey that is going to be filled using the same computer. The survey is anonymous and participants are given a token that they have to input at the beginning of the survey. Participants should be able to save midway, come back at a later time, enter their token and land on the survey screen where they left. If participant A closes the browser midway and leaves, and participant B comes to the same computer, the survey link should take participant B to the screen asking for the token. Participants can only participate once, and their tokens are set with only one use allowed. My survey has these settings: `• Set cookie to prevent repeated participation = OFF • Participant may save and resume later = ON • Enable participant-based response persistence = ON • Allow multiple responses or update responses with one access code = OFF` Problem: When a participant stops taking the survey midway, pointing the browser to the survey URL with "/newtest/Y" added to it doesn't clear the session, which is needed for a different participant to start taking the survey from the token input screen.
Steps To Reproduce	Steps to reproduce Create a close survey with 1-use-only tokens Survey settings as in the description. Activate survey. Go to survey URL https://domainname/limesurvey/index.php/123456/lang/en/newtest/Y Enter valid token and start taking survey Save midway and close browser Open browser and point it to https://domainname/limesurvey/index.php/123456/lang/en/newtest/Y Expected result Browser session gets cleared and browser shows screen asking for token. Actual result Session is not cleared and browser lands on the screen where previous participant left.
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	5.3.4+220309
I will donate to the project if issue is resolved	No
Browser	Google Chrome 99.0.4844.51 (Official Build) (x86_64); Firefox 98.0 (64-bit)
Database type & version	mysql Ver 15.1 Distrib 10.5.11-MariaDB, for Linux (x86_64)
Server OS (if known)	Red Hat Enterprise Linux Server release 7.9
Webserver software & version (if known)	Apache 2.4
PHP Version	7.2

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2022-03-14 17:53	segui	New Issue
2022-03-14 18:02	segui	Note Added: 68670
2022-03-14 18:02	segui	Bug heat	250 => 252
2022-03-15 08:27	galads	Assigned To	=> galads
2022-03-15 08:27	galads	Status	new => acknowledged
2022-03-15 08:29	galads	Status	acknowledged => closed
2022-03-15 08:29	galads	Resolution	open => duplicate
2022-03-15 08:29	galads	Relationship added	duplicate of 17955

View Issue Details

Steps to reproduce

Expected result

Actual result

Relationships

Users monitoring this issue

Activities

Issue History

segui 2022-03-14 18:02 reporter ~68670	I got an error when submitting my bug report so I accidentally created issues 17954 and 17955 (which also threw errors when submitting). I couldn't delete 17954 and 17954, so please disregard. Ginet