Admin edits of user account details can be overwritten by open session
Bug #634580 reported by Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | Low | Eugene |
Bug Description
If an admin edits a user on the admin edit user page, and that user is currently logged in, then the changes made by the admin can be overwritten the next time that user browses around on the site and their session details are saved to the database.
Perhaps, saving the form on the edit user page should call remove_
Changed in mahara:
status: New → In Progress
importance: Undecided → Low
milestone: none → 1.4.0
assignee: nobody → Eugene (eugene-catalyst)
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
Hi Richard,
Would the attached patch do the trick? I have added a warning note to the top of the form and added the functionality that will remove the edited user's session upon form submit.
Cheers!
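The overwrite described in this report and the session-removal approach from the comment above, as a simplified model added here (it is not Mahara code and not the attached patch). The `Site` class, its method names and the sample account are constructed for illustration; the model assumes the session keeps its own copy of the account record and writes that copy back on each request.

```python
# Added example: a toy model of the lost update, not Mahara's implementation.
# All names and values here are hypothetical / constructed.

class Site:
    def __init__(self):
        self.users = {}     # stands in for the user table: uid -> record
        self.sessions = {}  # session id -> {"uid": ..., "user": cached record}

    def login(self, sid, uid):
        # The session caches a copy of the account record at login time.
        self.sessions[sid] = {"uid": uid, "user": dict(self.users[uid])}

    def browse(self, sid):
        """Handle one request. Returns False if the session no longer exists."""
        sess = self.sessions.get(sid)
        if sess is None:
            return False  # user has to log in again and gets a fresh copy
        sess["user"]["lastaccess"] += 1
        # The cached record is saved back whole, stale fields included.
        self.users[sess["uid"]] = dict(sess["user"])
        return True

    def admin_edit(self, uid, changes, drop_sessions):
        self.users[uid].update(changes)
        if drop_sessions:
            # Approach from the comment: remove the edited user's sessions
            # when the admin form is submitted.
            stale = [s for s, v in self.sessions.items() if v["uid"] == uid]
            for sid in stale:
                del self.sessions[sid]


def run(drop_sessions):
    """Admin edits a logged-in user, then that user makes one more request."""
    site = Site()
    site.users[7] = {"email": "old@example.test", "quota": 50, "lastaccess": 0}
    site.login("s1", 7)
    site.admin_edit(7, {"email": "new@example.test", "quota": 100},
                    drop_sessions)
    still_logged_in = site.browse("s1")
    return still_logged_in, site.users[7]["email"], site.users[7]["quota"]


if __name__ == "__main__":
    print("without session removal:", run(False))
    print("with session removal:   ", run(True))
```

Without session removal the user's next request restores the old email and quota; with it, the request finds no session and the admin's values stay in place.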