Closed (fixed)
Project: Services
Version: 7.x-3.x-dev
Component: Code
Priority: Normal
Category: Task
Assigned:
Reporter:
Created: 25 Jan 2013 at 05:45 UTC
Updated: 14 Feb 2013 at 05:00 UTC
The code in session authentication has the following conditions:

```php
// If the user is logged in already and the callback contains the string login
// we need to set it to the original user so that the already logged in as @user message
// is displayed
if (strpos($arg[1]['callback'], 'login') !== FALSE) {
  if ($original_user->uid != 0) {
    $user = $original_user;
  }
}
// For every callback that has nothing to do with login we need to
// set it to the original user so that they are no longer anonymous
if (strpos($arg[1]['callback'], 'login') === FALSE) {
  // The account should be restored to the session's user.
  $user = $original_user;
}
```

This means that only in one case we do not do `$user = $original_user;` and that case is when an anonymous user calls the "login" method. But we change the user object to the anonymous user anyway. So we simply do not change one anonymous user object with another, and that does not make much sense.

What I propose is to simplify all these conditions with a simple:

```php
$user = $original_user;
```

without any conditions.

| Comment | File | Size | Author |
|---|---|---|---|
| #1 | services-1898446-simplify-session-authentication.patch | 958 bytes | ygerasimov |
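
The following is an added example, not code from the Services module or from the patch: it enumerates the four cases (login or non-login callback, anonymous or authenticated session user) and checks that the quoted conditions and the proposed unconditional assignment restore an account with the same uid. The function names, the sample callback strings and the sample accounts are assumptions, as is the starting state in which `$user` is already anonymous, which is taken from the description above.

```php
<?php
// Added example, not Services module code. restore_original() and
// restore_simplified() are hypothetical names for the two variants.

// Constructed stand-in for the anonymous account that is active while
// session authentication runs (assumption taken from the issue text).
function anonymous_account() {
  return (object) array('uid' => 0, 'name' => '');
}

// The conditions quoted in the issue, applied to an anonymous $user.
function restore_original($callback, $original_user) {
  $user = anonymous_account();
  if (strpos($callback, 'login') !== FALSE) {
    if ($original_user->uid != 0) {
      $user = $original_user;
    }
  }
  if (strpos($callback, 'login') === FALSE) {
    $user = $original_user;
  }
  return $user;
}

// The proposed replacement: always restore the session's user.
function restore_simplified($callback, $original_user) {
  return $original_user;
}

// Constructed inputs: one callback containing "login", one without,
// and one anonymous plus one authenticated sample account.
$callbacks = array('_user_resource_login', '_node_resource_retrieve');
$accounts = array(anonymous_account(), (object) array('uid' => 5, 'name' => 'editor'));

$mismatches = 0;
foreach ($callbacks as $callback) {
  foreach ($accounts as $account) {
    $before = restore_original($callback, $account);
    $after = restore_simplified($callback, $account);
    $same = ($before->uid === $after->uid);
    $mismatches += $same ? 0 : 1;
    printf("%-26s session uid=%d  before=%d after=%d  %s\n",
      $callback, $account->uid, $before->uid, $after->uid, $same ? 'same' : 'DIFFERENT');
  }
}
// Exit status 0 means the identity restored is the same in every case.
exit($mismatches === 0 ? 0 : 1);
```

The only case where the two variants return different objects is an anonymous user calling a login callback, and both objects there have uid 0.
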
Comments

Comment #1: ygerasimov commented
Comment #2: ygerasimov commented
Comment #3: ygerasimov commented