moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 16:36:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-45485 auth_shibboleth: User taking over other user's session

Browse source 
Replacing code with call to complete_user_login() since it calls session_regenerate_id().
This commit is contained in:
Rex Lorenzo 2014-05-16 15:26:25 -07:00 committed by Marina Glancy
parent 33bd0be19d
commit a5abafcde2
1 changed files with 1 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

16
auth/shibboleth/index.php
View file

@ -47,21 +47,7 @@
if ($shibbolethauth->user_login($frm->username, $frm->password) if ($shibbolethauth->user_login($frm->username, $frm->password)
&& $user = authenticate_user_login($frm->username, $frm->password)) { && $user = authenticate_user_login($frm->username, $frm->password)) {
enrol_check_plugins($user); complete_user_login($user);
session_set_user($user);
$USER->loggedin = true;
$USER->site = $CFG->wwwroot; // for added security, store the site in the
update_user_login_times();
// Don't show previous shibboleth username on login page
set_login_session_preferences();
unset($SESSION->lang);
$SESSION->justloggedin = true;
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id); add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
if (user_not_fully_set_up($USER)) { if (user_not_fully_set_up($USER)) {