From: Tim Düsterhus Date: Wed, 12 May 2021 09:49:52 +0000 (+0200) Subject: Do not change the userID of legacy sessions during update X-Git-Tag: 5.4.0_Alpha_3~47 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=346def0ae1eaee9b3f1ee35575550b320ad3f0eb;p=GitHub%2FWoltLab%2FWCF.git Do not change the userID of legacy sessions during update This causes issues when combined with the `hideSession` parameter of SessionHandler::changeUser() and is not required, because an existing session will *never* change its userID. 1. During login (changing user to non-guest) the previous user's session will be deleted together with the legacy session matching the sessionID, a new session will be created, its assigned legacy session will be deleted, then the userID will be adjusted and the session reloaded, thus creating a legacy session with the appropriate userID (or re-using an existing one of that newly logged-in user). The legacy session of the previous user will never be reused as the legacy session for the new user. 2. During logout (changing user to guest) the previous user session will simply be deleted together with the legacy session matching the sessionID. A new session + legacy session for the guest will be created for the next request. The legacy session of the user will never be reused as the legacy session for the guest. Resolves WoltLab/com.woltlab.pluginStore#39 --- diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index f54eb30d56..6c13bf0585 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -1227,7 +1227,6 @@ final class SessionHandler extends SingletonFactory 'requestURI' => $this->requestURI, 'requestMethod' => $this->requestMethod, 'lastActivityTime' => TIME_NOW, - 'userID' => $this->user->userID, 'sessionID' => $this->sessionID, ]; if (!\class_exists('wcf\system\CLIWCF', false) && !$this->disableTracking) {