Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-46099

Terminating the session does not empty $USER and $SESSION variables

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      1/ login/logout into moodle (make sure it works as before)
      2/ use this little test script:

      <?php
      require('config.php');
      require_logout();
      var_dump($_SESSION);
      echo "<br>";
      var_dump($USER);
      

      it should print $USER and $_SESSION['USER'] pointing to the same object for not-logged-in user

      3/ run phpunit tests
      4/ run behat tests
      5/ try "login as"
      6/ try web installation without config.php
      7/ try CLI installation without config.php

      Show
      1/ login/logout into moodle (make sure it works as before) 2/ use this little test script: <?php require('config.php'); require_logout(); var_dump($_SESSION); echo "<br>"; var_dump($USER); it should print $USER and $_SESSION ['USER'] pointing to the same object for not-logged-in user 3/ run phpunit tests 4/ run behat tests 5/ try "login as" 6/ try web installation without config.php 7/ try CLI installation without config.php
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip_MDL-46099_m28_userglobal

      Description

      If you look at the code in \core\session\manager::terminal_current(), there is a call to init_empty_session(), which resets $_SESSION. However, this does not reset $USER or $SESSION as they still point to the value that was contained in $_SESSION.

      We need to apply the same rule to $_SESSION than to $USER/$SESSION and wipe their content.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  14/Jul/14