MDL-17617 - installation session related improvements; logout fixes + other improvements

diff --git a/admin/index.php b/admin/index.php
index b968ecd6b8a0d1a5976c7e16c99844b336675f3b..02029d3fa4a5b2421dd396824d17add1aa462a81 100644 (file)
--- a/admin/index.php
+++ b/admin/index.php
@@ -100,6 +100,10 @@
         $origdebug = $CFG->debug;
         $CFG->debug = DEBUG_MINIMAL;
         error_reporting($CFG->debug);
+
+    /// remove current session content completely
+        session_get_instance()->terminate_current();
+
         if (empty($agreelicense)) {
             $strlicense = get_string('license');
             $navigation = build_navigation(array(array('name'=>$strlicense, 'link'=>null, 'type'=>'misc')));
@@ -327,10 +331,15 @@
 /// make sure admin user is created - this is the last step because we need
 /// session to be working properly in order to edit admin account
     if (empty($CFG->rolesactive)) {
+        $sessionstarted = optional_param('sessionstarted', 0, PARAM_BOOL);
+        if (!$sessionstarted) {
+            // we neeed this redirect to setup proper session
+            upgrade_log_finish('index.php?sessionstarted=1');
+        }
         $adminuser = create_admin_user();
         $adminuser->newadminuser = 1;
         complete_user_login($adminuser, false);
-        upgrade_log_finish("$CFG->wwwroot/user/editadvanced.php?id=$adminuser->id"); // Edit thyself
+        redirect("$CFG->wwwroot/user/editadvanced.php?id=$adminuser->id"); // Edit thyself
 
     } else {
     /// just make sure upgrade logging is properly terminated

diff --git a/admin/settings/server.php b/admin/settings/server.php
index 3338d768a05f480bbffbdf0c368dd028ab2666f1..34417daaf8db20588ac1e3ef9a0d3009accd79c0 100644 (file)
--- a/admin/settings/server.php
+++ b/admin/settings/server.php
@@ -75,7 +75,7 @@ $ADMIN->add('server', $temp);
 
 // "sessionhandling" settingpage
 $temp = new admin_settingpage('sessionhandling', get_string('sessionhandling', 'admin'));
-$temp->add(new admin_setting_configcheckbox('dbsessions', get_string('dbsessions', 'admin'), get_string('configdbsessions', 'admin'), 0));
+$temp->add(new admin_setting_configcheckbox('dbsessions', get_string('dbsessions', 'admin'), get_string('configdbsessions', 'admin'), 1));
 $temp->add(new admin_setting_configselect('sessiontimeout', get_string('sessiontimeout', 'admin'), get_string('configsessiontimeout', 'admin'), 7200, array(14400 => get_string('numhours', '', 4),
                                                                                                                                                       10800 => get_string('numhours', '', 3),
                                                                                                                                                       7200 => get_string('numhours', '', 2),

diff --git a/auth/shibboleth/login.php b/auth/shibboleth/login.php
index a974adf5d9be035dddf21d5f503e58847b8f3e94..951e6fec0cf8eb5071567a7b73858840f12a55b8 100644 (file)
--- a/auth/shibboleth/login.php
+++ b/auth/shibboleth/login.php
@@ -10,7 +10,7 @@
 /// Check for timed out sessions
     if (!empty($SESSION->has_timed_out)) {
         $session_has_timed_out = true;
-        $SESSION->has_timed_out = false;
+        unset($SESSION->has_timed_out);
     } else {
         $session_has_timed_out = false;
     }

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index e5603de6494286e3eaf7497d521c85ff288d50c0..1435d7ef707c2d59b8cddc55584c7760cd336f48 100644 (file)
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -18,8 +18,7 @@ function session_get_instance() {
             $session_class = SESSION_CUSTOM;
             $session = new $session_class();
 
-        //} else if ((!isset($CFG->dbsessions) or $CFG->dbsessions) and $DB->session_lock_supported()) {
-        } else if (!empty($CFG->dbsessions) and $DB->session_lock_supported()) {
+        } else if ((!isset($CFG->dbsessions) or $CFG->dbsessions) and $DB->session_lock_supported()) {
             // default recommended session type
             $session = new database_session();
 
@@ -39,6 +38,11 @@ interface moodle_session {
      */
     public function terminate_current();
 
+    /**
+     * Terminates all sessions.
+     */
+    public function terminate_all();
+
     /**
      * No more changes in session expected.
      * Unblocks the sesions, other scripts may start executing in parallel.
@@ -76,7 +80,9 @@ abstract class session_stub implements moodle_session {
             $this->prepare_cookies();
             $this->init_session_storage();
 
-            if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession'.$CFG->sessioncookie])) {
+            $newsession = empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]);
+
+            if (!empty($CFG->usesid) && $newsession) {
                 sid_start_ob();
             } else {
                 $CFG->usesid = 0;
@@ -88,6 +94,9 @@ abstract class session_stub implements moodle_session {
             @session_start();
             if (!isset($_SESSION['SESSION'])) {
                 $_SESSION['SESSION'] = new object();
+                if (!$newsession and !empty($CFG->rolesactive)) {
+                    $_SESSION['SESSION']->has_timed_out = true;
+                }
             }
             if (!isset($_SESSION['USER'])) {
                 $_SESSION['USER'] = new object();
@@ -110,14 +119,16 @@ abstract class session_stub implements moodle_session {
         }
 
         $_SESSION = array();
-
-        $SESSION  = new object();
-        $USER     = new object();
-        $USER->id = 0;
+        $_SESSION['SESSION'] = new object();
+        $_SESSION['USER']    = new object();
+        $_SESSION['USER']->id = 0;
         if (isset($CFG->mnet_localhost_id)) {
-            $USER->mnethostid = $CFG->mnet_localhost_id;
+            $_SESSION['USER']->mnethostid = $CFG->mnet_localhost_id;
         }
 
+        $SESSION = $_SESSION['SESSION']; // this may not work properly
+        $USER    =  $_SESSION['USER'];   // this may not work properly
+
         // Initialize variable to pass-by-reference to headers_sent(&$file, &$line)
         $file = null;
         $line = null;
@@ -125,11 +136,11 @@ abstract class session_stub implements moodle_session {
             error_log('Can not terminate session properly - headers were already sent in file: '.$file.' on line '.$line);
         }
 
-        // now let's try to get a new session id and destroy the old one
-        @session_regenerate_id(true);
+        // now let's try to get a new session id
+        session_regenerate_id();
 
         // close the session
-        @session_write_close();
+        session_write_close();
     }
 
     /**
@@ -298,6 +309,9 @@ class legacy_file_session extends session_stub {
         ini_set('session.save_path', $CFG->dataroot .'/sessions');
     }
 
+    public function terminate_all() {
+        // TODO
+    }
 }
 
 /**
@@ -329,6 +343,15 @@ class database_session extends session_stub {
         }
     }
 
+    public function terminate_all() {
+        try {
+            // do not show any warnings - might be during upgrade/installation
+            $this->database->delete_records('sessions');
+        } catch (dml_exception $ignored) {
+            
+        }
+    }
+
     public function handler_open($save_path, $session_name) {
         global $DB;
 

diff --git a/login/index.php b/login/index.php
index bea71e8adc5170c987f3111839dbd117362bde87..385dce6156622389e38655044e74e504dbc996ed 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -19,7 +19,7 @@
 /// Check for timed out sessions
     if (!empty($SESSION->has_timed_out)) {
         $session_has_timed_out = true;
-        $SESSION->has_timed_out = false;
+        unset($SESSION->has_timed_out);
     } else {
         $session_has_timed_out = false;
     }