[#26156] - JFactory::getUser() returns wrong user id
- Closed
- 4 Sep 2019
- Medium
- Build: 3.9.10 Stable [ Amani ]
- # 26156
Steps to reproduce the issue
I have no mechanism to reproduce this repeatably.
The problem is -
- I have a Joomla article which runs PHP using Sourcerer, and which requires the user to be logged in.
- The code within Sourcerer tags uses JFactory::getUser() to fetch the id, username and the groups of the logged in user.
- It uses these to construct the url of an associated system and redirects to it.
- Sometimes the wrong user information is returned, causing the associated system to allocate information to the wrong user.
{source}
<?php
$user = JFactory::getUser();
$un = $user->username;
$id = $user->id;
$user_groups = $user->groups;
if ( (in_array('6',$user_groups)) || (in_array('8',$user_groups)) )
{
header("Location:https://mysite/index.php?id=".$id."&un=".$un);
}
... and so on
We have no strong evidence about what causes this problem, but it seems to have happened when a user was having trouble logging in and was resetting their password. The incorrect user returned was a user that logged on during these various attempts to reset the password. That could be coincidence, but worth mentioning.
During the period of a few hours, 3 different users were affected by the problem, all getting the same incorrect user returned. However, it doesn't seem to have happened again in the last 24 hours.
Expected result
JFactory::getUser() returns the logged in user.
Actual result
JFactory::getUser() returns the details of another user.
System information (as much as possible)
Database Type = mysql
Database Version = 5.6.40-84.0-log
Database Collation = utf8_general_ci
Database Connection Collation = utf8mb4_general_ci
PHP Version = 7.1.30
Web Server = Apache
WebServer to PHP Interface = cgi-fcgi
Joomla! Version = Joomla! 3.9.10 Stable [ Amani ] 10-July-2019 15:57 GMT
Joomla! Platform Version = Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent = Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Extensions
Sourcerer = v8.0.0
Additional comments
System caching was switched off.
gSGCache was installed and enabled. I have now disabled this in case this is a caching problem.
Session timeout was set to 60. I have now set it to 30.
joomla-cms-bot
- | Labels |
Added:
J3 Issue
|
||
| Priority | Urgent | ⇒ | Medium |
| Status | New | ⇒ | Information Required |
The problem is the cache at your host created with the sgcache plugin.
Ok, yes, I will upgrade to the latest version.
Re gSGCache plugin - thanks. I disabled that last night, so hopefully that has fixed the issue. I'll report back if the problem recurs.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/26156.
Maybe it would make sense if Peter van Westen of Regularlabs (sourcerer - author) would be involved here? (Though I tend to Brian's suggestion as well)
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/26156.
Please close this - it can always be reopened if needed but the first places to check are with the two non core extensions
Quy
- | Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-09-04 20:27:30 |
| Closed_By | ⇒ | Quy |
Please use latest Version 3.9.11