View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
19304Bug reportsUser / Groups / Rolespublic2023-12-08 09:572024-01-11 11:22
Reporterollehar Assigned Tomohabmes  
PrioritynoneSeverityminor 
Status resolvedResolutionfixed 
Summary19304: User session is not killed when user is marked as non-active
Description

Related to New feature 19201.

Basically, active status is only checked at login, not on each request. But fixing it might lead to upgrade issue? Have to check dbversion too?

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)develop
I will donate to the project if issue is resolvedNo
Browser-
Database type & version-
Server OS (if known)-
Webserver software & version (if known)-
PHP Version-

Users monitoring this issue

There are no users monitoring this issue.

Activities

ollehar

ollehar

2023-12-08 10:10

administrator   ~78922

Hmmm seems it's only possible to kill an arbitrary user's session if db session is used.
https://forum.yiiframework.com/t/force-logout-a-user/21598/4
DenisChenu

DenisChenu

2023-12-11 11:35

developer   ~78935

We can use same solution than in Account past their expiration date can be still active

  1. Create a scope : https://github.com/LimeSurvey/LimeSurvey/blob/7558178fe4dd473b9ee3e75e447940a181b67d4e/application/models/User.php#L131 , maybe rename current to notexpired
  2. Use this scope in https://github.com/LimeSurvey/LimeSurvey/blob/7558178fe4dd473b9ee3e75e447940a181b67d4e/application/core/Traits/LSApplicationTrait.php#L33 User::model()->notexpired()->active()->findByPk

It's done.

Since it's related to Plugin : i can be great to have an event in scope.

$activeScope = array(
    'condition' => "active = :active",
    'params' => array(
        'active' => 1,
    )
);
$event = new PluginEvent('UserScope');
$event->set('active', $activeScope);
App()->getPluginManager()->dispatchEvent($event);
$activeScope = $event->get('active');

Then another plugin can get active in another DB (for example in LDAP server for AuthDB)
DenisChenu

DenisChenu

2024-01-09 20:07

developer   ~79125

@mohabmes : if you're OK, i can take it
mohabmes

mohabmes

2024-01-10 10:58

developer   ~79129

@DenisChenu Implemented already. Here's the pull request https://github.com/LimeSurvey/LimeSurvey/pull/3690
DenisChenu

DenisChenu

2024-01-10 11:39

developer   ~79131

:+1:

Issue History

Date Modified Username Field Change
2023-12-08 09:57 ollehar New Issue
2023-12-08 10:10 ollehar Note Added: 78922
2023-12-08 10:10 ollehar Bug heat 0 => 2
2023-12-11 11:35 DenisChenu Note Added: 78935
2023-12-11 11:35 DenisChenu Bug heat 2 => 4
2023-12-12 19:08 mohabmes Assigned To => mohabmes
2023-12-12 19:08 mohabmes Status new => assigned
2024-01-09 20:07 DenisChenu Note Added: 79125
2024-01-10 10:58 mohabmes Note Added: 79129
2024-01-10 10:58 mohabmes Bug heat 4 => 6
2024-01-10 11:39 DenisChenu Note Added: 79131
2024-01-11 11:22 ollehar Status assigned => resolved
2024-01-11 11:22 ollehar Resolution open => fixed