Commit 35510252 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Session is not invalidating after password change (Bug #1363873)"

parents 5916ccc3 f103c650
...@@ -414,7 +414,13 @@ function auth_setup () { ...@@ -414,7 +414,13 @@ function auth_setup () {
// Check the time that the session is set to log out. If the user does // Check the time that the session is set to log out. If the user does
// not have a session, this time will be 0. // not have a session, this time will be 0.
$sessionlogouttime = $USER->get('logout_time'); $sessionlogouttime = $USER->get('logout_time');
if ($sessionlogouttime && isset($_GET['logout'])) {
// Need to doublecheck that the User's sessionid still has a match the usr_session table
// It can disappear if the current user has hacked the real user's account and the real user has
// reset the password clearing the session from usr_session.
$sessionexists = get_record('usr_session', 'usr', $USER->id, 'session', $USER->get('sessionid'));
$parentuser = $USER->get('parentuser');
if (($sessionlogouttime && isset($_GET['logout'])) || ($sessionexists === false && $USER->get('sessionid') != '' && empty($parentuser))) {
// Call the authinstance' logout hook // Call the authinstance' logout hook
$authinstance = $SESSION->get('authinstance'); $authinstance = $SESSION->get('authinstance');
if ($authinstance) { if ($authinstance) {
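Review bot: The added `get_record('usr_session', ...)` lookup runs before the condition is evaluated, so every request reaching this point in auth_setup pays for a query, including requests where `$USER->get('sessionid')` is empty and the result is never used. Testing the cheap terms first keeps the revocation check and skips the query for visitors without a session: `$sessionexists = ($USER->get('sessionid') == '' || !empty($parentuser)) || get_record('usr_session', 'usr', $USER->id, 'session', $USER->get('sessionid'));`. The `empty($parentuser)` term also exempts sessions that have a parent user (presumably masquerading) from the forced logout when their row is gone; if that is deliberate, a one-line comment such as `// Masquerading sessions are not tracked in usr_session, so skip the check` (wording to be confirmed against the real reason) would stop a later reader from "fixing" it. auth_setup starts and ends outside this hunk.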
......
...@@ -223,6 +223,10 @@ function forgotpasschange_submit(Pieform $form, $values) { ...@@ -223,6 +223,10 @@ function forgotpasschange_submit(Pieform $form, $values) {
ensure_user_account_is_active($user); ensure_user_account_is_active($user);
$USER->reanimate($user->id, $user->authinstance); $USER->reanimate($user->id, $user->authinstance);
// Destroy other sessions of the user
remove_user_sessions($USER->get('id'));
$SESSION->add_ok_msg(get_string('passwordchangedok')); $SESSION->add_ok_msg(get_string('passwordchangedok'));
redirect(); redirect();
exit; exit;
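Review bot: The comment says "Destroy other sessions of the user", but `remove_user_sessions($USER->get('id'))` is passed only the user id, so whether the session just created by `$USER->reanimate(...)` survives depends on code not visible here. If it does not, the new check in auth_setup would log the user out on the request after the redirect; the comment should state the actual behaviour, e.g. `// Revoke every other session for this account; the current one is kept by remove_user_sessions()`, once that is confirmed. This hunk covers only the forgot-password flow, so it is also worth confirming that the other password-change paths (user preferences, admin reset) revoke sessions the same way, since none of them appear in this commit. forgotpasschange_submit starts outside this hunk.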
......