-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Creating a user and immediately logging in does not work #60
Comments
I am getting this error logged
Not sure if it is a timing problem or something random |
Findings during debugging: I am deleting the user in mdl_user for testing and then call my external application. I can enforce this problem when I patch the module like this
I digged that down to this code being called:
so whenever require_logout is called, the session is not properly established afterwards, I believe |
We do not call require_logout, in cases where the user is logged in anyways afterwards. Additionally, in case of an error also we do not destroy the existing session
Hi @amenk ! |
Hi @dmitriim , unfortunately I cannot really clearly reproduce. Basically we have a Magento shop which request the token from the userkey endpoint, autocreate is on. When using debug mode I get the "Cannot regenerate session id - session is not active" error as stated above. I assume this happens always when require_logout is called before the login. As stated above, for testing purpose I called require_logout in all of the times, and it was 100% reproducible. I had a hard time tracing it, because with xdebug and step-by-step debugging it most of the time does not appear, so it might be somewhat timing related as well. In the end of the day I think my fix makes sense, because we don't really have to log out, when we log in anyways. |
do you use a system web service user for generating a token? > In the end of the day I think my fix makes sense, because we don't really have to log out, when we log in anyways. This could be true in your case, but that logic was added to fix a bug when we actually have an active session already and a different user is trying to login using the same browser. So we check if the user is actually different and then logout the current user and them log in a new one. This logic must stay in place. You may want to spend a little bit more time trying to replicate the issue. Huge benefit would be if you can replicate it using unit tests. So in this case we could be confident when we fix it. Also would be good know other prerequisites like Moodle version, session storage, the way WS is configured and etc. |
What do you mean with system Webservice? Do you think this makes a difference? Why? I added the moodle version at the top post. |
This issue still persists, I can reproduce it with a vanilla Moodle 4, and the example script from the plugin. I think this is mainly a problem for developers: New users will not be logged in, if an existing user is logged in for the same browser session. In this case, the old user is logged out first, but the link expired and therefore login fails. Therefore, unless you need to have multiple users in the same session, it should not be a problem "in the wild". Still would be good to fix, for robustness... |
Hi @janbucher I think now I understand a scenario you are facing.
Can you please confirm? If it's so, then it's 100% a bug as I would expect initial user should be logged in. |
@dmitriim yes, this is the behavior we observe. There are two unexpected scenarios for the user: If an active session is present, she will be prompted to login, if she reuses the link, it will be expired. |
I have auto create on and creating the user is working.
But the direct userkey login isn't.
If I put a delay of 10 seconds between creation an calling the moodle link, it works
Edit:
The text was updated successfully, but these errors were encountered: