Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add test for race condition between forced logout and session_save
The added test should be able to detect if the code is handling the following scenario: a user is forcibly logged out, maybe due to an admin password change. But if the user is currently logged in, and the forced logout happens between a open_session() ans a save_session() call then the session will be restored and the logout will be ineffective. To prevent this, we need to atomically check if a session already exists in Redis before writing a modified one (the problem should not exists in the case of a new session).
- Loading branch information