mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #45654
[Bug 1734194] [NEW] Infinite redirect loop caused by logged out user in usr_session table
Public bug reported:
The USER object contains the id of the user that is logged in and it
matches up to the usr_session table so we know which session is matched
to what user.
When one is not logged in the USER object has id = 0
If for some reason we end up with usr = 0 in the usr_session table we end up in an infinite loop
because it tries to log out that dummy user but can't
It should never end up in the usr_session table.
So we need to do these things:
1) When saving data to usr_session table never save if user id = 0, instead throw warning
to avoid the problem
2) When reading usr_session data in auth_setup() function to ignore fetching info for usr = 0
to ignore bad data
behatnotneeded
** Affects: mahara
Importance: Critical
Assignee: Robert Lyon (robertl-9)
Status: In Progress
** Changed in: mahara
Importance: Undecided => Critical
** Changed in: mahara
Milestone: None => 18.04.0
** Changed in: mahara
Status: New => In Progress
** Changed in: mahara
Assignee: (unassigned) => Robert Lyon (robertl-9)
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1734194
Title:
Infinite redirect loop caused by logged out user in usr_session table
Status in Mahara:
In Progress
Bug description:
The USER object contains the id of the user that is logged in and it
matches up to the usr_session table so we know which session is
matched to what user.
When one is not logged in the USER object has id = 0
If for some reason we end up with usr = 0 in the usr_session table we end up in an infinite loop
because it tries to log out that dummy user but can't
It should never end up in the usr_session table.
So we need to do these things:
1) When saving data to usr_session table never save if user id = 0, instead throw warning
to avoid the problem
2) When reading usr_session data in auth_setup() function to ignore fetching info for usr = 0
to ignore bad data
behatnotneeded
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1734194/+subscriptions
Follow ups
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2018-04-05
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Cecilia Vela Gurovic, 2018-01-16
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2018-01-16
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Cecilia Vela Gurovic, 2017-12-14
-
[Bug 1734194] A change has been merged
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] A change has been merged
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] A change has been merged
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2017-11-29
-
[Bug 1734194] A patch has been submitted for review
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] A patch has been submitted for review
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] A patch has been submitted for review
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] A change has been merged
From: Mahara Bot, 2017-11-29
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Cecilia Vela Gurovic, 2017-11-29
-
[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2017-11-25
-
[Bug 1734194] A patch has been submitted for review
From: Mahara Bot, 2017-11-23
