mahara-contributors team mailing list archive

Thread
Date

[Bug 1734194] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1734194@xxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Nov 2017 18:19:53 -0000
Reply-to: Bug 1734194 <1734194@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/8317
Committed: https://git.mahara.org/mahara/mahara/commit/128c3e765c2e6161b2ca3b2e9904b3f1e2f6d9a3
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch:    16.10_STABLE

commit 128c3e765c2e6161b2ca3b2e9904b3f1e2f6d9a3
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Fri Nov 24 08:45:37 2017 +1300

Bug 1734194: Infinite loop site crash if usr = 0 saved in usr_session

The USER object will have id = 0 when a user is logged out

It should never end up in the usr_session table. This patch stops that
from happening and also ignores usr = 0 insession table with setting
up auth as well.

behatnotneeded

Change-Id: I0ba7afe0d21ae822daf8895af943f41048ba82b7
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
(cherry picked from commit e7191aad045a594e2c3bd83a496accce1a0e7ea3)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1734194

Title:
  Infinite redirect loop caused by logged out user in usr_session table

Status in Mahara:
  Fix Committed
Status in Mahara 16.10 series:
  Fix Committed
Status in Mahara 17.04 series:
  Fix Committed
Status in Mahara 17.10 series:
  Fix Committed
Status in Mahara 18.04 series:
  Fix Committed

Bug description:
  The USER object contains the id of the user that is logged in and it
  matches up to the usr_session table so we know which session is
  matched to what user.

  When one is not logged in the USER object has id = 0

  If for some reason we end up with usr = 0 in the usr_session table we end up in an infinite loop
  because it tries to log out that dummy user but can't

  It should never end up in the usr_session table.

  So we need to do these things:
  1) When saving data to usr_session table never save if user id = 0, instead throw warning
  to avoid the problem

  2) When reading usr_session data in auth_setup() function to ignore fetching info for usr = 0
  to ignore bad data

  behatnotneeded

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1734194/+subscriptions

References

[Bug 1734194] [NEW] Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2017-11-23