[MDL-73317] Detect and add debugging for when the session is changed after it has been closed - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 4.1
Fix Version/s: 4.2
Component/s: Authentication
Labels:
- CatalystIT
- ci
- partner
- triaged

Affected Branches:
MOODLE_401_STABLE
Fixed Branches:
MOODLE_402_STABLE
Pull from Repository:
https://github.com/matthewhilton/moodle
Pull Master Branch:
~~MDL-73317~~-master
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...matthewhilton:MDL-73317-master

Testing Instructions:

Hide

Copy the two attached scripts to siteroot
Enable debugging
Navigate in a web browser to /~~MDL-73317~~-session-cache-write-close.php

Check that a debugging message will be shown indicating the session was edited after it was closed for e.g:

Script /MDL-73317-session-cache-write-close.php mutated the session

after it was closed: $SESSION->cachestore_session:

default_session-core/coursecat,default_session-core/calendar_categories,default_session-core/courseeditorstate,default_session-core/contentbank_allowed_courses,default_session-core/contentbank_allowed_categories,default_session-core/userselections,default_session-core/navigation_expandcourse,default_session-core/grade_categories,default_session-core/tagindexbuilder,default_session-core/presignup,default_session-tool_mobile/subscriptiondataline 790 of /lib/classes/session/manager.php: call to debugging()line ? of unknownfile: call to core\session\manager::check_mutated_closed_session()line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array()line ? of unknownfile: call to core_shutdown_manager::shutdown_handler()

Navigate in a web browser to /~~MDL-73317~~-delete-after-close.php

Check that a debugging message will be shown indicating the session was cleared after close for e.g.:

Script /MDL-73317-delete-after-close.php cleared the session after it was closed.  line 762 of /lib/classes/session/manager.php: call to debugging() line ? of unknownfile: call to core\session\manager::check_mutated_closed_session() line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array() line ? of unknownfile: call to core_shutdown_manager::shutdown_handler()

Show

Copy the two attached scripts to siteroot Enable debugging Navigate in a web browser to / MDL-73317 -session-cache-write-close.php Check that a debugging message will be shown indicating the session was edited after it was closed for e.g: Script /MDL- 73317 -session-cache-write-close.php mutated the session after it was closed: $SESSION->cachestore_session: default_session-core/coursecat,default_session-core/calendar_categories,default_session-core/courseeditorstate,default_session-core/contentbank_allowed_courses,default_session-core/contentbank_allowed_categories,default_session-core/userselections,default_session-core/navigation_expandcourse,default_session-core/grade_categories,default_session-core/tagindexbuilder,default_session-core/presignup,default_session-tool_mobile/subscriptiondataline 790 of /lib/classes/session/manager.php: call to debugging()line ? of unknownfile: call to core\session\manager::check_mutated_closed_session()line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array()line ? of unknownfile: call to core_shutdown_manager::shutdown_handler() Navigate in a web browser to / MDL-73317 -delete-after-close.php Check that a debugging message will be shown indicating the session was cleared after close for e.g.: Script /MDL- 73317 -delete-after-close.php cleared the session after it was closed. line 762 of /lib/classes/session/manager.php: call to debugging() line ? of unknownfile: call to core\session\manager::check_mutated_closed_session() line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array() line ? of unknownfile: call to core_shutdown_manager::shutdown_handler()

Description

The problem

After $SESSION->write_close() is called, code should not write to the session.

However, It is difficult as a developer to know if any code called afterwards will write to the session as the code paths may be very complex and require lots of manual inspection.

Ideal Solution

Logging for any changes to the session that happen after it is closed.

Background

This is a superset of MDL-69977. I suspect there are some pages which blindly write to the session but the session has already been closed. So these changes are just lost. At minimum these should be turn up in the error log.

The logic here already exists for handling readonly session mutation detection so its just the same logic after the write close, but always on.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDL-73317_classic.png
290 kB
16/Feb/23 10:11 AM
MDL-73317.png
360 kB
16/Feb/23 10:06 AM
MDL-73317-delete-after-close.php
0.3 kB
13/Sep/22 6:34 AM
MDL-73317-session-cache-write-close-1.php
0.6 kB
13/Sep/22 6:34 AM

Issue Links

has a non-specific relationship to

MDL-75813 Session cache store breaks cache api when session is closed or readonly

Open

MDL-74911 The Assign edit pdf conversion polling doesn't release the session lock

Closed

MDLSITE-6615 Add a workflow transition so the peer reviewer can move from IR back to dev

Open

will help resolve

MDL-69977 MUC session cache items can be set after write_close and silently fail

Open

Activity

People

Assignee:: Matthew Hilton

Reporter:: Brendan Heywood

Peer reviewer:: Brendan Heywood

Integrator:: Andrew Lyons

Tester:: Ron Carl Alfon Yu

Participants:: Andrew Lyons, Brendan Heywood, CiBoT, Eloy Lafuente (stronk7), Jake Dallimore, Jun Pataleta, Matthew Hilton, Ron Carl Alfon Yu, Simey Lameze

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 09/Dec/21 10:38 AM

Updated:: 17/Feb/23 10:08 AM

Resolved:: 17/Feb/23 10:08 AM

Fix Release Date:: 24/Apr/23

Time Tracking

Estimated:

Remaining:

Logged:

6h 16m