Browse files

MDL-45485 auth_shibboleth: User taking over other user's session

Replacing code with call to complete_user_login() since it calls session_regenerate_id().
  • Loading branch information...
1 parent 0d5a27b commit f0ab42f9858ff157225a8c7cb50ac2504a1e3f97 @rlorenzo rlorenzo committed with marinaglancy May 16, 2014
Showing with 1 addition and 15 deletions.
  1. +1 −15 auth/shibboleth/index.php
View
16 auth/shibboleth/index.php
@@ -49,21 +49,7 @@
if ($shibbolethauth->user_login($frm->username, $frm->password)
&& $user = authenticate_user_login($frm->username, $frm->password)) {
- enrol_check_plugins($user);
- session_set_user($user);
-
- $USER->loggedin = true;
- $USER->site = $CFG->wwwroot; // for added security, store the site in the
-
- update_user_login_times();
-
- // Don't show previous shibboleth username on login page
-
- set_login_session_preferences();
-
- unset($SESSION->lang);
- $SESSION->justloggedin = true;
-
+ complete_user_login($user);
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
if (user_not_fully_set_up($USER)) {

0 comments on commit f0ab42f

Please sign in to comment.