user_save regenerates the session even when current user != edited user.
Heine - August 23, 2007 - 20:12
| Project: | Drupal |
| Version: | 6.x-dev |
| Component: | user system |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed |
Description
After http://drupal.org/node/165358, we still regenerate the session when changing the password of another user. Granted, changing a password for another user doesn't occur that much.
| Attachment | Size |
|---|---|
| sess_regen_current_user.patch | 925 bytes |
#1
#2
Still applies to 5.x and even 6.x, but needs to be committed to HEAD and backported. Attached is the 6.x version. It is a straightforward update and looks good, so marking RTBC.
#3
this bug affects all tests that'll try so do something as the root user admin.
this (example) test gives WSOD due to this bug.
<?php
class UserRootAdminLoginTestCase extends DrupalWebTestCase {
function getInfo() {
return array(
'name' => t('Login as root admin'),
'description' => t('Tries to login as root admin.'),
'group' => t('User')
);
}
/**
* Try logging in as root administrator
*/
function testRootAdminLogin() {
// generate a password for the user
$password = user_password();
$root_admin = user_save(user_load(1), array('pass' => $password));
// Add the raw password so that we can log in as this user.
$root_admin->pass_raw = $password;
// login as the root administrator
$this->drupalLogin($root_admin);
}
}
?>
#4
Committed to CVS HEAD. Updating version to Drupal 6.
#5
The original patch works for Drupal 6, but I generated one from Drupal 6 because we really need this to make tests work.
#6
Looks good, committed to 6.x, thanks!
#7
Automatically closed -- issue fixed for two weeks with no activity.