Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.16.14

Bug #571 LiveUser::checkRight may succeed when not logged in
Submitted: 2004-01-13 19:29 UTC
From: jmikola at burgiss dot com Assigned: lsmith
Status: Closed Package: LiveUser
PHP Version: Irrelevant OS: ANY
Roadmaps: (Not assigned)    
Subscription  


 [2004-01-13 19:29 UTC] jmikola at burgiss dot com
Description: ------------ this method, although understandably a wrapper for the perm container, does not affirm that the user is still logged in and/or $_auth is not null before proceeding to check the rights of the user. the logout() function only bothers to set $_auth to null when cleaning up. given that, it seems possible that the LoginManager could logout a user, but still check rights on him... which doesn't seem reasonable since, for all intents and purposes, logging out effectly shuts down most of the rest of the LoginManager... and if there's no user logged in anymore, there should no longer be an association with the old user's perm container (which was initialized with his user id).

Comments

 [2004-01-26 10:42 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2004-02-03 22:45 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!