[Improvement] Added "lost password confirm" as a do-not-cache page. [Improvement] Misc code improvements. [Bug Fix] Logged-in cookie is now cleared when a visitor is logged-out due to a session timeout. [Bug Fix] Visitors automatically logged-in from the "forgot my password" submission page are now correctly detected as non-guest visitors.
[Bug Fix] Csrf validation is now bypassed for 'AddReply' and 'PostThread' guest actions to avoid security errors when performing these actions from a cached page. (Applies to XF 2.2 'write before registering' feature)
[Improvement] Improved login state detection to prevent forum members who sign in with "Stay logged in" unchecked from being served by cache. (Rewrite rule update required) [Improvement] No longer cache "install" pages. (Rewrite rule update required) [Improvement] Improved return code checking to prevent caching non HTTP status 200 and 404 pages. (500 errors may still run into issues)
[Bug Fix] Csrf validation is now also bypassed for search and "Forgot your password?" requests to avoid security errors when making these requests from a cached page.
[Improvement] Improved detection of do-not-cache admin pages. [Update] Updated readme .htaccess rules to better handle possible login issues. [Bug Fix] Csrf validation is now bypassed for login and register requests to avoid security errors when making these requests from a cached page.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
