Skip to content

Commit

Permalink
Fixed: User depersonation do not clean out impersonated user session.
Browse files Browse the repository at this point in the history
(OFBIZ-10942)

Thank you Leila Mekika for reporting and providing the patch.


git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1857991 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
gilPts committed Apr 23, 2019
1 parent 26a2a5f commit 9cec8c6
Showing 1 changed file with 5 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -719,8 +719,9 @@ public static String depersonateLogin(HttpServletRequest request, HttpServletRes
}

//update the userLogin history, only one impersonation of this user can be active at the same time
GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
EntityCondition conditions = EntityCondition.makeCondition(
EntityCondition.makeCondition("userLoginId", ((GenericValue) session.getAttribute("userLogin")).get("userLoginId")),
EntityCondition.makeCondition("userLoginId", userLogin.get("userLoginId")),
EntityCondition.makeCondition("originUserLoginId", originUserLogin.get("userLoginId")),
EntityUtil.getFilterByDateExpr());
try {
Expand All @@ -736,6 +737,9 @@ public static String depersonateLogin(HttpServletRequest request, HttpServletRes
return "error";
}

// Log out currentLogin to clean session
doBasicLogout(userLogin, request, response);

// Log back the impersonating user
return doMainLogin(request, response, originUserLogin, null);
}
Expand Down

0 comments on commit 9cec8c6

Please sign in to comment.