Page MenuHomeIn-Portal Phabricator
Differential D476

INP-1870 - Save the session to the database immediately after the user login
ClosedPublic
Actions

Authored by alex on Jul 29 2024, 4:50 AM.

Details

Reviewers
erik
Commits
rINP16793: Fixes INP-1870 - Save the session to the database immediately after the user…
Test Plan

Part 1

  1. open the Admin Console login page
  2. confirm, that:
    • either there is no adm_sid cookie
    • or there is no records in the UserSessions/ UserSessionData tables related to session key from the adm_sid cookie
  3. replace $application->Run(); code in the /admin/index.php with the following code:
$application->StoreVar('name1', 'value1');
$application->Session->SaveData();

$application->StoreVar('name2', 'value2');
$application->Session->SaveData();

$application->Session->SetField('TimeZone', 'Asia/Hong_Kong');
$application->Session->SaveData();

$application->Session->SetField('Theme', '555');
$application->Session->SaveData();
  1. open the Debugger Report
  2. confirm, that SQLs, that interact with the session-related tables (see above) look like this (irrelevant values replaced with ...):
  3. setting 1st session data into related table:
INSERT INTO UserSessions (`PortalUserId`,`Language`,`Theme`,`GroupId`,`GroupList`,`IpAddress`,`SessionKey`,`LastAccessed`,`BrowserSignature`)
VALUES ('...','...','999','...','...','...','790994740','...','...');

REPLACE INTO UserSessionData (SessionKey, VariableName, VariableValue)
VALUES ('175175914', 'UserGroups', '14'),('175175914', 'user_id', '-2'),('175175914', 'curr_iso', 'USD'),('175175914', 'name1', 'value1'),('175175914', 'admin', '1'),('175175914', 'last_template', 'index.php|-login%3Am0--1--u-'),('175175914', 'last_template_popup', 'index.php|-login%3Am0--1--s-'),('175175914', 'last_url', '/d/in-portal.52x/admin/index.php?env=-login%3Am0--1--s-&next_template=index'),('175175914', 'last_env', '-login%3Am0--1--s-');
  • setting 2nd session data into related table:
REPLACE INTO UserSessionData (SessionKey, VariableName, VariableValue)
VALUES ('662547442', 'name2', 'value2');
  • setting 3rd session data into related table:
UPDATE UserSessions
SET TimeZone = 'Asia/Hong_Kong'
WHERE SessionKey = '662547442';
  • setting 4th session data into related table:
UPDATE UserSessions
SET Theme = '555'
WHERE SessionKey = '662547442';

Part 2

  1. restore contents of the /admin/index.php file
  2. delete all cookies (or at least delete adm_sid and adm_sid_live cookies)
  3. reload the page (you should be still on Admin Login page)
  4. add following code to the end of the \UsersEventHandler::OnAfterLogin method (file: core/units/users/users_event_handler.php):
$sql = 'SELECT *
	FROM ' . TABLE_PREFIX . 'UserSessions
	WHERE SessionKey = ' . $this->Conn->qstr($this->Application->GetSID());
$fields_hash = $this->Conn->GetRow($sql);

echo '<pre>', print_r($fields_hash), '</pre>';
exit;
  1. perform login
  2. confirm, that following info will be displayed (irrelevant values replaced with ...):
Array
(
    [SessionKey] => 673153364
    [LastAccessed] => ...
    [PortalUserId] => ...
    [Language] => ...
    [Theme] => 999
    [GroupId] => ...
    [IpAddress] => ...
    [Status] => 1
    [GroupList] => ...
    [TimeZone] => ...
    [BrowserSignature] => ...
)

Diff Detail

Repository
rINP In-Portal
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

alex created this revision.Jul 29 2024, 4:50 AM
alex requested review of this revision.Jul 29 2024, 4:50 AM
alex edited the test plan for this revision. (Show Details)Jul 29 2024, 4:54 AM
alex updated this revision to Diff 1223.Jul 29 2024, 4:57 AM

Removed excessive session update statement, that happens after it's creation.

erik accepted this revision.Jul 29 2024, 5:36 AM
This revision is now accepted and ready to land.Jul 29 2024, 5:36 AM
This revision was landed with ongoing or failed builds.Jul 29 2024, 5:55 AM
Closed by commit rINP16793: Fixes INP-1870 - Save the session to the database immediately after the user… (authored by alex, committed by ). · Explain Why
This revision was automatically updated to reflect the committed changes.
alex added a child revision: Restricted Differential Revision.Aug 2 2024, 5:48 AM

Revision Contents
Changeset List

DiffIDBaseDescriptionCreatedLintUnit
BaseBase
Diff 1122216791Jul 29 2024, 4:50 AM
Diff 2122316791Removed excessive session update statement, that happens after it's creation.Jul 29 2024, 4:56 AM
Diff 3122416792rINP16793Jul 29 2024, 5:55 AM

Diff 1224

View Options

branches/5.2.x/core/kernel/session/session_storage.php

Loading...
View Options

branches/5.2.x/core/units/helpers/user_helper.php

Loading...
In-Portal CMS · In-Portal Community Pages · In-Portal Issue Tracker · In-Portal Repository Browser · Quality Assurance · In-Portal CI Server