author | Tim Almdal <tnalmdal@shaw.ca> | 2009-10-21 15:17:23 -0700 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-10-21 15:17:23 -0700 |
commit | 7638834e97be905efd80acff6312330db34ba0bc (patch) | |
tree | 23e0481da04d6a40f786e5f3bf626ad88f2b59f5 | |
parent | b994ea9d6274a6b479da06e9b97ed6e5126587c0 (diff) |
Address the issue of the administrator changing the identity provider whilst users are logged onto the system. Addressed the issue by adding try/catch logic to the Session::load_user() method. If load_user fails for any reason, then assume that the identity provider has changed, destroy the current session and redirect to the root album.
-rw-r--r-- | modules/gallery/libraries/MY_Session.php | 43 |
1 files changed, 26 insertions, 17 deletions
diff --git a/modules/gallery/libraries/MY_Session.php b/modules/gallery/libraries/MY_Session.php
index 6394c0fb..1a3ae801 100644
--- a/modules/gallery/libraries/MY_Session.php
+++ b/modules/gallery/libraries/MY_Session.php
@@ -23,26 +23,35 @@ class Session extends Session_Core {
 * Make sure that we have a session and group_ids cached in the session.
 */
 static function load_user() {
- $session = Session::instance();
- if (!($user = $session->get("user"))) {
- $session->set("user", $user = Identity::guest());
- }
+ try {
+ $session = Session::instance();
+ if (!($user = $session->get("user"))) {
+ $session->set("user", $user = Identity::guest());
+ }
- // The installer cannot set a user into the session, so it just sets an id which we should
- // upconvert into a user.
- // @todo set the user name into the session instead of 2 and then use it to get the user object
- if ($user === 2) {
- $user = Instance::lookup_user_by_name("admin");
- self::set_active_user($user);
- $session->set("user", $user);
- }
+ // The installer cannot set a user into the session, so it just sets an id which we should
+ // upconvert into a user.
+ // @todo set the user name into the session instead of 2 and then use it to get the user object
+ if ($user === 2) {
+ $user = Instance::lookup_user_by_name("admin");
+ self::set_active_user($user);
+ $session->set("user", $user);
+ }
- if (!$session->get("group_ids")) {
- $ids = array();
- foreach ($user->groups as $group) {
- $ids[] = $group->id;
+ if (!$session->get("group_ids")) {
+ $ids = array();
+ foreach ($user->groups as $group) {
+ $ids[] = $group->id;
+ }
+ $session->set("group_ids", $ids);
+ }
+ } catch (Exception $e) {
+ try {
+ Session::instance()->destroy();
+ } catch (Exception $e) {
+ // We don't care if there was a problem destroying the session.
 }
- $session->set("group_ids", $ids);
+ url::redirect(item::root()->abs_url());
 }
 } |
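Review bot: The outer `catch (Exception $e)` in load_user() treats every failure as an identity-provider change and discards the exception without logging it, so a database outage or a bug in the group lookup ends sessions without leaving any trace for whoever investigates. Log before destroying the session, for example `Kohana::log("error", $e->getMessage());` as the first line of the outer catch (assuming the Kohana logger is what this module uses), and give the inner catch its own variable such as `$e2` so it does not overwrite the original exception. The redirect target presumably runs load_user() again, so a failure that is not tied to the stale session (for instance `Identity::guest()` itself throwing) could turn into a redirect loop; that is worth confirming. `item::root()` is also evaluated outside any try block, so an exception raised there would escape the handler.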