Bug #570 :: LiveUser::logout remember-me fails and perm left set

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 0.16.14

Bug #570	LiveUser::logout remember-me fails and perm left set
Submitted:	2004-01-13 19:27 UTC
From:	jmikola at burgiss dot com	Assigned:	markus
Status:	Closed	Package:	LiveUser
PHP Version:	Irrelevant	OS:	ANY
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Add Comment Add patch

[2004-01-13 19:27 UTC] jmikola at burgiss dot com

Description:
------------
towards the end of the function:

when setting the $_auth reference back to null, shouldn't the $_perm reference also be set to null (see aforementioned point). also, as after a successful login in tryLogin(), i think it also be wise to call the appropriate
disconnect() methods in the auth/perm containers to further clean up.

during the unsetting of cookies/session vars:

when logging out, the remember-me cookie seems to be killed. this includes the scenario where the user's login expired or idled out. isn't the purpose of the remember-me cookie such that after the user idles our expires, he's able to come back and have his cookie log him back in automatically? the current behavior voids this effect.

Comments

[2004-02-08 10:25 UTC] User who submitted this comment has not confirmed identity

If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!

[2004-02-27 15:00 UTC] User who submitted this comment has not confirmed identity

If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!

[2004-04-22 14:24 UTC] smith at backendmedia dot com

whats happening on this one?

[2004-04-22 16:39 UTC] User who submitted this comment has not confirmed identity

If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!

[2004-04-24 11:30 UTC] smith at backendmedia dot com

I hope to get time to test this patch soon. After a quick look it seems like we need to put an if around the $this->status setting at the beginning of logut():

if ($this->status != LIVEUSER_STATUS_IDLED ||
    $this->status != LIVEUSER_STATUS_EXPIRED
) {
    $this->status = LIVEUSER_STATUS_LOGGEDOUT;
}

[2004-04-24 17:20 UTC] smith at backendmedia dot com

This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pear.php.net.

In case this was a pear.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PEAR better.