Hello,

Thanks for the reply! I forgot to mention that I have this patch applied since December. I did restart Apache2 after applying the patch. Can you please try to reproduce this?

Have you had a chance to reproduce this issue?

Hello

I implemented the change and restarted apache2 but still got the same result. I will post changes I made in usersession file aswell. I am testing in incognito mode always.

if ($_SERVER['REQUEST_METHOD'] === 'GET'
&& isset($_SESSION['TIME_BOMB'])
&& ($_SESSION['TIME_BOMB'] < time())
&& ($id=$this->regenerateSession())) {
// unset timer and set next one based on maxlife for the user or
// 24 hrs later
// TODO: Make regenerate frequency configurable in 2032 /j
// PS: Living and dying and the stories that are true Secrets to
// a good life is knowing when you're through ~ time bomb
$ttl = ($this->getMaxIdleTime() ?: 86400);
$_SESSION['TIME_BOMB'] = time() + $ttl;
// Set new id locally
$this->session_id = $id;
// Force cookie renewal NOW!
$refreshRate = -1;
}
function regenerateSession(int $ttl = 120) {
// Set TTD (Time To Die) on current session
// If ttl is 0 then session is destroyed immediatetly
$_SESSION['TTD'] = time() + $ttl; // now + ttl
if (($id=osTicketSession::regenerate($ttl)))
$this->session->session_id = $id;
// unset TTD on the new session - new life my boy!
unset($_SESSION['TTD']);
return $id;
}

KevinTheJedi But is it possible for you to try to reproduce this problem?

Hey, tried that but still the issue is same. Do you use Apache2 or nginx and do you have any special configuration?

What I've currently noticed is this: When I submit ticket in one tab, the osticket session cookie value get's changed:
Cookie value at first in BOTH TAB's tab1:

and tab2:

Now when submitting ticket in tab1 this value gets accepted:

and changed:

Now when trying to submit ticket in tab2 refresh happens and cookie is now changed and this new cookie is accepted:


After that new value is assigned: