When two or more users (for example with UID 1, 2 and 3) start masquerading as the same user (with UID 10) and user 1 stops masquerading the remaining users 2 and 3 are kicked out from masquerading too but keep logged in as user 10. That's because their corresponding records in the masquerade table are deleted as well in masquerade_switch_back(). There are two SQL conditions, sid (Session IDs of user 1, 2 and 3) and uid_as (UID of user 10 in the example above). This two conditions are ORed together so any condition can match. In the example: either the sid of user 1 or the uid of user 10 matches so it deletes all records for users which currently masquerading as user 10. In the result the remaining users are still logged in as user 10 but are not able to switch back from masquerading.

To fix this the conditions must be ANDed so only the record for the user switching back (identified by sid) from user 10 will be removed.

PS: To native english speakers: I tried to find a descriptive issue title - feel free to make it more understandable :)

Files: 

Comments

Title:Keep logged in as masqueraded user after switching back when multiple users are masquerading the same userOther users get logged in as masqueraded user after switching back when multiple users are masquerading the same user
StatusFileSize
new754 bytes

The attached patch fixes this.

Status:Active» Needs review

Assigned:Unassigned» tlattimore

Sending to tlattimore.

Status:Needs review» Fixed

Committed.

Version:7.x-1.x-dev» 8.x-1.x-dev
Status:Fixed» Patch (to be ported)

Probably needs to be put on 8.x too.

Version:8.x-1.x-dev» 7.x-1.x-dev
Status:Patch (to be ported)» Reviewed & tested by the community
StatusFileSize
new537 bytes

Commited to 8.x a different patch. (attached)

Suppose we need a sane comment about.

latter in this function session_id() is changing so we need to clean-up all staff related in out table for old session ID.

Issue summary:View changes

Removed senseless "stop" from "..but are not able to stop switch back from masquerading."