mahara-contributors team mailing list archive

Thread
Date

[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Sat, 25 Nov 2017 21:35:17 -0000
Reply-to: Bug 1734194 <1734194@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug is critical to fix in one sense: that it makes the site
unusable with redirect loop

But is non-critical in another sense: that is virtually impossible to
replicate under normal circumstances.

So yes we need to fix asap to avoid the problem when one logs in and
fills up dataroot at same time causing logged out user to be saved in
usr_session table

** Also affects: mahara/18.04
   Importance: Critical
     Assignee: Robert Lyon (robertl-9)
       Status: In Progress

** Also affects: mahara/17.10
   Importance: Undecided
       Status: New

** Also affects: mahara/16.10
   Importance: Undecided
       Status: New

** Also affects: mahara/17.04
   Importance: Undecided
       Status: New

** Changed in: mahara/17.10
       Status: New => In Progress

** Changed in: mahara/17.04
       Status: New => In Progress

** Changed in: mahara/16.10
       Status: New => In Progress

** Changed in: mahara/16.10
   Importance: Undecided => Critical

** Changed in: mahara/17.04
   Importance: Undecided => Critical

** Changed in: mahara/17.10
   Importance: Undecided => Critical

** Changed in: mahara/17.10
    Milestone: None => 17.10.1

** Changed in: mahara/17.04
    Milestone: None => 17.04.5

** Changed in: mahara/16.10
    Milestone: None => 16.10.7

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1734194

Title:
  Infinite redirect loop caused by logged out user in usr_session table

Status in Mahara:
  In Progress
Status in Mahara 16.10 series:
  In Progress
Status in Mahara 17.04 series:
  In Progress
Status in Mahara 17.10 series:
  In Progress
Status in Mahara 18.04 series:
  In Progress

Bug description:
  The USER object contains the id of the user that is logged in and it
  matches up to the usr_session table so we know which session is
  matched to what user.

  When one is not logged in the USER object has id = 0

  If for some reason we end up with usr = 0 in the usr_session table we end up in an infinite loop
  because it tries to log out that dummy user but can't

  It should never end up in the usr_session table.

  So we need to do these things:
  1) When saving data to usr_session table never save if user id = 0, instead throw warning
  to avoid the problem

  2) When reading usr_session data in auth_setup() function to ignore fetching info for usr = 0
  to ignore bad data

  behatnotneeded

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1734194/+subscriptions

References

[Bug 1734194] [NEW] Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2017-11-23