mahara-contributors team mailing list archive

Thread
Date

[Bug 1734194] Re: Infinite redirect loop caused by logged out user in usr_session table

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Thu, 05 Apr 2018 21:51:17 -0000
Reply-to: Bug 1734194 <1734194@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/18.04
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1734194

Title:
  Infinite redirect loop caused by logged out user in usr_session table

Status in Mahara:
  Fix Released
Status in Mahara 16.10 series:
  Fix Released
Status in Mahara 17.04 series:
  Fix Released
Status in Mahara 17.10 series:
  Fix Released
Status in Mahara 18.04 series:
  Fix Released

Bug description:
  The USER object contains the id of the user that is logged in and it
  matches up to the usr_session table so we know which session is
  matched to what user.

  When one is not logged in the USER object has id = 0

  If for some reason we end up with usr = 0 in the usr_session table we end up in an infinite loop
  because it tries to log out that dummy user but can't

  It should never end up in the usr_session table.

  So we need to do these things:
  1) When saving data to usr_session table never save if user id = 0, instead throw warning
  to avoid the problem

  2) When reading usr_session data in auth_setup() function to ignore fetching info for usr = 0
  to ignore bad data

  behatnotneeded

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1734194/+subscriptions

References

[Bug 1734194] [NEW] Infinite redirect loop caused by logged out user in usr_session table
From: Robert Lyon, 2017-11-23