
INP-1871 - Properly dispose session during logout workflow
Closed, Public

Authored by alex on Jul 29 2024, 8:24 AM.

Details

Test Plan
  1. don't apply this patch
  2. log in to the Admin Console
  3. enable DBG_REDIRECT in /system/debug.php (assuming that Debug Mode is enabled as well)
  4. press the Logout link in the top frame
  5. confirm that this SQL is present in the Debugger Report:

     DELETE FROM UserSessionData
     WHERE SessionId = '' AND VariableName = 'priority_deleted';

  6. click on the link that DBG_REDIRECT shows instead of the page content
  7. click on the link that DBG_REDIRECT shows instead of the page content
  8. confirm that the Admin Login page is displayed
  9. apply the patch
  10. log in to the Admin Console (click on any links shown by DBG_REDIRECT as needed)
  11. press the Logout link in the top frame
  12. confirm that the SQL that removes the priority_deleted session variable has disappeared
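
The check this test plan makes by eye (no write to session data issued with an empty SessionId) can also be run over captured SQL. This is an added example, not part of this revision or of In-Portal's code; it assumes the Debugger Report's SQL has been saved as plain text with `;` between statements, and the function names and sample report are constructed for illustration.

```python
import re

# SessionId compared with an empty string literal, e.g. SessionId = '' or
# `SessionId`="" (the symptom quoted in the test plan above).
EMPTY_SESSION_ID = re.compile(
    r"""`?\bSessionId\b`?\s*=\s*(''|"")(?!['"])""", re.IGNORECASE)
WRITE_VERBS = ("DELETE", "UPDATE", "INSERT", "REPLACE")


def split_statements(report_text):
    """Split on ';' outside quoted literals, then collapse whitespace."""
    statements, buf, quote, i = [], [], None, 0
    while i < len(report_text):
        ch = report_text[i]
        if quote and ch == "\\":            # backslash escape inside a literal
            buf.append(report_text[i:i + 2])
            i += 2
            continue
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == ";":                     # statement boundary
            statements.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    statements.append("".join(buf))
    return [" ".join(s.split()) for s in statements if s.strip()]


def find_empty_session_writes(report_text):
    """Return write statements whose predicate is SessionId = ''."""
    hits = []
    for stmt in split_statements(report_text):
        verb = stmt.split(None, 1)[0].upper()
        if verb in WRITE_VERBS and EMPTY_SESSION_ID.search(stmt):
            hits.append(stmt)
    return hits


# Constructed sample: only the DELETE is taken from the page.
SAMPLE_REPORT = """
SELECT VariableName FROM UserSessionData WHERE SessionId = 'a1b2c3';
DELETE FROM UserSessionData
WHERE SessionId = '' AND VariableName = 'priority_deleted';
UPDATE UserSessionData SET VariableName = 'a;b' WHERE SessionId = 'a1b2c3';
"""
```

An empty result from `find_empty_session_writes` on SQL captured during logout corresponds to the plan's final confirmation; any returned statement is a write issued after the session id was already cleared.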

Diff Detail

Repository
rINP In-Portal
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

alex created this revision. Jul 29 2024, 8:24 AM
alex requested review of this revision. Jul 29 2024, 8:24 AM
alex edited the test plan for this revision. Jul 29 2024, 8:24 AM
erik accepted this revision. Jul 29 2024, 9:43 AM

Tested by using PHPStorm+XDebug with a breakpoint in the SessionStorage::RemoveFromData method. Before applying the patch, the SQL that removes the priority_deleted session variable was executed. After applying the patch, the SQL that removes the priority_deleted session variable was not executed, because the SessionSet property is set to false.

Testing by the plan failed because:

  1. The Debugger Report was broken (after logout, before applying the patch).
  2. Should follow 2 redirect links after logout to get the login page, not one:

https://erik-php74.office.intechnic.com/SVN/5.2.x/admin/index.php?env=-index%3Am0--1--s-%3Au-----
https://erik-php74.office.intechnic.com/SVN/5.2.x/admin/index.php?env=-login%3Am0--1--s-%3Au-----&next_template=index

This revision is now accepted and ready to land. Jul 29 2024, 9:43 AM
alex edited the test plan for this revision. Jul 29 2024, 9:48 AM
This revision was automatically updated to reflect the committed changes.
alex added a child revision: Restricted Differential Revision. Aug 2 2024, 5:48 AM