Description

When you use the admin feature to switch to a different user, your own user account isn't logged out. This isn't a problem in itself unless some authentication methods need to act when you log out.

Currently, this isn't a problem since the cookies don't expire anyway. However, my work in progress patches make cookies expire when you log out by tagging each cookie with its own secret string stored in the wiki to avoid cookie stealing. With that, a superuser is still susceptible to cookie stealing when using the setuid functionality because the superuser cookie isn't cleared.

Steps to reproduce

  1. Log in as a superuser
  2. Switch to a different user

Details

The problem comes from the fact that the userpreferences action simply uses auth.setSessionCookie() to create a new session for the target user. I think we should separate this by making the auth framework aware of the setuid functionality. That way, we can also allow a superuser to switch to a different user account again when they're done with the work of that user.

Another thing that this would fix is that with my current patch only 20 different cookies are allowed for each user. When a superuser switches to an account, one of those 20 is actually used up and possibly an old one expired.
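As an added illustration (not MoinMoin's code; the class, method and field names are hypothetical), a minimal server-side session store shows the reported behaviour, where the superuser cookie stays valid after switching, beside a setuid-aware design that retires the superuser cookie and can switch back:

```python
import secrets

class SessionStore:
    """Hypothetical model of the report, not MoinMoin's auth API.

    Each login hands out its own random cookie secret, and a record
    remembers which real user (if any) a setuid session belongs to.
    """

    def __init__(self):
        self.sessions = {}  # cookie secret -> {"user": ..., "real_user": ...}

    def _issue(self, user, real_user=None):
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": user, "real_user": real_user}
        return token

    def login(self, user):
        return self._issue(user)

    def user_for(self, token):
        rec = self.sessions.get(token)
        return rec["user"] if rec else None

    def active_cookies(self, user):
        return sum(1 for r in self.sessions.values() if r["user"] == user)

    def setuid_as_reported(self, superuser_token, target):
        # What the report describes: a fresh session for the target user is
        # created and the superuser cookie is left valid (never cleared).
        return self.login(target)

    def setuid_fixed(self, superuser_token, target):
        # Auth framework knows about setuid: retire the superuser cookie and
        # issue a target-user cookie that remembers the real (super)user.
        rec = self.sessions.pop(superuser_token, None)
        if rec is None:
            raise PermissionError("superuser session is not valid")
        real_user = rec["real_user"] or rec["user"]
        return self._issue(target, real_user=real_user)

    def revert(self, token):
        # Switch back to the real user without a new login.
        rec = self.sessions.pop(token, None)
        if rec is None or rec["real_user"] is None:
            raise PermissionError("not an active setuid session")
        return self._issue(rec["real_user"])
```

With the reported flow, `active_cookies("admin")` still reports the superuser cookie after the switch; with the fixed flow it drops to zero and `revert` restores the superuser without another login.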

Discussion

I have now completely reimplemented the select user functionality with the following patch series:

Plan


CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/SelectUserDoesntLogOut (last edited 2007-10-29 19:12:00 by localhost)