Losing masquerade when changing password

Project: Masquerade
Version: 6.x-1.x-dev
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: closed (fixed)

Issue Summary

If I masquerade as a user and then navigate to account details and change that user's password, it appears I am no longer masquerading but am actually logged in as that user. Trying to go to /masquerade/unswitch at this point does not work.

Comments

#1

Version: 5.x-1.2 » 6.x-1.x-dev

This is caused by the session being regenerated when the password is changed. I think the best solution is to implement hook_user, save the sid before the password is changed, and then update the session after a new one is generated.

Or, we could add a note that changing the password will prevent switching back for security purposes. Or, disable password changing completely.

#2

Status: active » fixed

Here is a patch which fixes the issue by storing the old session ID and updating the {masquerade} table if the sid is changed. I'll be committing it shortly.

Attachment: 301620_update_session_password_edit.patch (1.29 KB)
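
The cause from #1 and the fix from #2, as an added example that is not the attached patch or Masquerade's own code: a small Python model of a masquerade table keyed by session ID, showing that unswitch fails once a password change regenerates the session ID, and works when the row is moved to the new one. The `Site` class, its method names and the uids are hypothetical.

```python
import secrets

class Site:
    """Toy model: sessions map sid -> uid; masquerade maps sid -> (uid_from, uid_as)."""

    def __init__(self, rekey_on_regenerate):
        self.sessions = {}     # sid -> uid the session is currently acting as
        self.masquerade = {}   # sid -> (uid_from, uid_as), like the {masquerade} table
        self.rekey = rekey_on_regenerate

    def login(self, uid):
        sid = secrets.token_hex(16)
        self.sessions[sid] = uid
        return sid

    def switch(self, sid, uid_as):
        self.masquerade[sid] = (self.sessions[sid], uid_as)
        self.sessions[sid] = uid_as

    def change_password(self, sid):
        """A password change regenerates the session ID (session-fixation defence)."""
        old_sid = sid                                  # saved before the change
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = self.sessions.pop(old_sid)
        if self.rekey and new_sid != old_sid and old_sid in self.masquerade:
            # The fix: move the row to the new sid and drop the row for the old one.
            self.masquerade[new_sid] = self.masquerade.pop(old_sid)
        return new_sid

    def unswitch(self, sid):
        """Return True if the session was switched back to the original account."""
        row = self.masquerade.pop(sid, None)
        if row is None:
            return False                               # no row for this sid: still the target user
        self.sessions[sid] = row[0]
        return True

def demo(rekey):
    site = Site(rekey)
    sid = site.login(1)            # constructed uids: 1 = admin, 42 = target user
    site.switch(sid, 42)
    sid = site.change_password(sid)
    ok = site.unswitch(sid)
    # (unswitch worked?, uid the session now acts as, rows left in the table)
    return ok, site.sessions[sid], len(site.masquerade)
```

Without the re-key, the model also leaves an orphaned row under the old session ID, which is worth cleaning up in any real implementation.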

#3

Status: fixed » closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.