Permalink
Browse files

Remove some old session hackery & make sure mgd always stays in sync

  • Loading branch information...
flack committed Oct 22, 2017
1 parent 6dfa014 commit 085d3e4daedac0a178af2774bdecf924b65e5c35
Showing with 4 additions and 23 deletions.
  1. +1 −0 lib/midcom/services/auth/backend.php
  2. +3 −21 lib/midcom/services/auth/main.php
  3. +0 −2 test/utilities/testcase.php
@@ -188,5 +188,6 @@ public function logout(midcom_core_user $user)
$person->delete_parameter('midcom', 'online');
}
$this->delete_session();
midcom_connection::logout();
}
}
@@ -723,32 +723,14 @@ public function trusted_login($username)
* This call clears any authentication state
*/
public function logout()
{
$this->drop_login_session();
$this->admin = false;
$this->user = null;
midcom_connection::logout();
}
/**
* This is a limited version of logout: It will just drop the current login session, but keep
* the current request authenticated.
*
* Note, that this call will also drop any information in the PHP Session (if exists). This will
* leave the request in a clean state after calling this function.
*/
function drop_login_session()
{
if (is_null($this->user)) {
debug_add('The backend has no authenticated user set, so we should be fine, doing the relocate nevertheless though.');
debug_add('The backend has no authenticated user set, so we should be fine');
} else {
$this->_auth_backend->logout($this->user);
$this->user = null;
}
// Kill the session forcibly:
@session_start();
$_SESSION = [];
session_destroy();
$this->admin = false;
}
/**
@@ -429,8 +429,6 @@ public static function TearDownAfterClass()
self::_process_delete_queue('class', self::$_class_objects);
self::$_class_objects = [];
midcom::get()->auth->logout();
// logout calls session_destroy, so we need to make sure that nothing else tries to start it again
@session_start();
}
private static function _process_delete_queue($queue_name, $queue)

0 comments on commit 085d3e4

Please sign in to comment.