View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006097 | mantisbt | security | public | 2005-08-08 20:32 | 2005-09-11 08:12 |
Reporter | mspears | Assigned To | thraxisp | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.0.0rc1 | ||||
Fixed in Version | 1.0.0rc2 | ||||
Summary | 0006097: user ID is cached indefinately | ||||
Description | Whenever you run the CVS checkin script, the user always shows up as anonymous (if anonymous logins are allowed). This problem exists because the $g_cache_current_user_id variable is global and never resets to NULL upon successful authentication. In authentication_api.php, the function auth_get_current_user_id() defines
This creates an indefinite user ID cache that never gets purged. So, whomever calls this function first wins. | ||||
Additional Information | For our purposes, we added code to reset the cached user ID upon successful authentication like
This fixed the anonymous CVS user problem. However, I'm sure there are other places where authentication may occur which also needs to reset the cached user ID. | ||||
Tags | No tags attached. | ||||
The $g_cache_current_user_id variable should persist through the run of the program. It serves to reduce the number of database queries. You are correct, however, that it should be cleared, or properly set when the script login happens. I also noted that the user cookie evaluation may be wrong in some cases. Fixed in CVS. |
|