Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-73317

Detect and add debugging for when the session is changed after it has been closed

    XMLWordPrintable

Details

    • MOODLE_401_STABLE
    • MOODLE_402_STABLE
    • MDL-73317-master
    • Hide
      1. Copy the two  attached scripts to siteroot
      2. Enable debugging
      3. Navigate in a web browser to /MDL-73317-session-cache-write-close.php
      4. Check that a debugging message will be shown indicating the session was edited after it was closed for e.g:
        1. Script /MDL-73317-session-cache-write-close.php mutated the session 
          after it was closed: $SESSION->cachestore_session: 
          default_session-core/coursecat,default_session-core/calendar_categories,default_session-core/courseeditorstate,default_session-core/contentbank_allowed_courses,default_session-core/contentbank_allowed_categories,default_session-core/userselections,default_session-core/navigation_expandcourse,default_session-core/grade_categories,default_session-core/tagindexbuilder,default_session-core/presignup,default_session-tool_mobile/subscriptiondataline 790 of /lib/classes/session/manager.php: call to debugging()line ? of unknownfile: call to core\session\manager::check_mutated_closed_session()line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array()line ? of unknownfile: call to core_shutdown_manager::shutdown_handler()

      5. Navigate in a web browser to /MDL-73317-delete-after-close.php
      6. Check that a debugging message will be shown indicating the session was cleared after close for e.g.:
        1. Script /MDL-73317-delete-after-close.php cleared the session after it was closed.  line 762 of /lib/classes/session/manager.php: call to debugging() line ? of unknownfile: call to core\session\manager::check_mutated_closed_session() line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array() line ? of unknownfile: call to core_shutdown_manager::shutdown_handler() 

      Show
      Copy the two  attached scripts to siteroot Enable debugging Navigate in a web browser to / MDL-73317 -session-cache-write-close.php Check that a debugging message will be shown indicating the session was edited after it was closed for e.g: Script /MDL- 73317 -session-cache-write-close.php mutated the session after it was closed: $SESSION->cachestore_session: default_session-core/coursecat,default_session-core/calendar_categories,default_session-core/courseeditorstate,default_session-core/contentbank_allowed_courses,default_session-core/contentbank_allowed_categories,default_session-core/userselections,default_session-core/navigation_expandcourse,default_session-core/grade_categories,default_session-core/tagindexbuilder,default_session-core/presignup,default_session-tool_mobile/subscriptiondataline 790 of /lib/classes/session/manager.php: call to debugging()line ? of unknownfile: call to core\session\manager::check_mutated_closed_session()line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array()line ? of unknownfile: call to core_shutdown_manager::shutdown_handler() Navigate in a web browser to / MDL-73317 -delete-after-close.php Check that a debugging message will be shown indicating the session was cleared after close for e.g.: Script /MDL- 73317 -delete-after-close.php cleared the session after it was closed. line 762 of /lib/classes/session/manager.php: call to debugging() line ? of unknownfile: call to core\session\manager::check_mutated_closed_session() line 155 of /lib/classes/shutdown_manager.php: call to call_user_func_array() line ? of unknownfile: call to core_shutdown_manager::shutdown_handler()

    Description

      The problem

      After $SESSION->write_close() is called, code should not write to the session.

      However, It is difficult as a developer to know if any code called afterwards will write to the session as the code paths may be very complex and require lots of manual inspection.

      Ideal Solution

      Logging for any changes to the session that happen after it is closed.

      Background

      This is a superset of MDL-69977. I suspect there are some pages which blindly write to the session but the session has already been closed. So these changes are just lost. At minimum these should be turn up in the error log. 

      The logic here already exists for handling readonly session mutation detection so its just the same logic after the write close, but always on.

      Attachments

        Issue Links

          Activity

            People

              matthewhilton Matthew Hilton
              brendanheywood Brendan Heywood
              Brendan Heywood Brendan Heywood
              Andrew Lyons Andrew Lyons
              Ron Carl Alfon Yu Ron Carl Alfon Yu
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 6 hours, 16 minutes
                  6h 16m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.