mahara-contributors team mailing list archive

Thread
Date

[Bug 634580] Re: Admin edits of user account details can be overwritten by open session

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Eugene <634580@xxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Oct 2010 03:24:28 -0000
Reply-to: Bug 634580 <634580@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Richard,

Would the attached patch do the trick. I have added a warning note to
the top of the form and added the functionality that will remove the
edited user's session upon form submit.

Cheers!

** Patch added: "bug634580.patch"
   https://bugs.launchpad.net/mahara/+bug/634580/+attachment/1689997/+files/bug634580.patch

-- 
Admin edits of user account details can be overwritten by open session
https://bugs.launchpad.net/bugs/634580
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: New

Bug description:
If an admin edits a user on the admin edit user page, and that user is currently logged in, then the changes made by the admin can be overwritten the next time that user browses around on the site and their session details are saved to the database.

Perhaps, saving the form on the edit user page should call remove_user_sessions for the edited user (like when suspending a user).  It would be nice if the admin was given a warning ("if you submit this form then <username> will be logged out") whenever the edited user has a session that hasn't expired.

References

[Bug 634580] [NEW] Admin edits of user account details can be overwritten by open session
From: Richard Mansfield, 2010-09-09