mahara-contributors team mailing list archive

[Richard Mansfield <634580@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

If an admin edits a user on the admin edit user page, and that user is
currently logged in, then the changes made by the admin can be
overwritten the next time that user browses around on the site and their
session details are saved to the database.

Perhaps, saving the form on the edit user page should call
remove_user_sessions for the edited user (like when suspending a user).
It would be nice if the admin was given a warning ("if you submit this
form then <username> will be logged out") whenever the edited user has a
session that hasn't expired.

** Affects: mahara
     Importance: Undecided
         Status: New

-- 
Admin edits of user account details can be overwritten by open session
https://bugs.launchpad.net/bugs/634580
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: New

Bug description:
If an admin edits a user on the admin edit user page, and that user is currently logged in, then the changes made by the admin can be overwritten the next time that user browses around on the site and their session details are saved to the database.

Perhaps, saving the form on the edit user page should call remove_user_sessions for the edited user (like when suspending a user).  It would be nice if the admin was given a warning ("if you submit this form then <username> will be logged out") whenever the edited user has a session that hasn't expired.