Code to delete session id on logout is not triggered
Bug #826453 reported by
Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Low
|
Eugene |
Bug Description
See https:/
As Brian King noted, there is a bug in the $USER->logout() function that calls table_exists on a string rather than an XMLDBTable object.
What's worse is that this code in logout() doesn't really serve any useful purpose. It is trying to delete a record of the user's session id when the user logs out, but because most of the time ddl.php is not included at this point, it won't be triggered. We should either include ddl.php explicitly, so it succeeds, or else maybe remove that code altogether.
Changed in mahara: | |
status: | New → Confirmed |
importance: | Undecided → Low |
milestone: | none → 1.5.0 |
Changed in mahara: | |
status: | Confirmed → Fix Committed |
assignee: | nobody → Richard Mansfield (richard-mansfield) |
Changed in mahara: | |
assignee: | nobody → Eugene (eugenev) |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is not actually fixed, I created this so we don't forget about it before 1.5.
I merged a commit from Brian King into 1.4, but it needs to be fixed on master in a different way. This is the comment from gerrit:
For master I think we should do it differently because currently that entire if statement is pointless: it's trying to delete a record of the user's session id from usr_session on logout, but because ddl is almost never included, it's going to skip it 99% of the time.