Joomla! Issue Tracker | Joomla! CMS #34798 - [3.9.28] Changing user in backend always destroys user session.

Closed
22 Jul 2021
Medium
Build: staging
# 34798

Flowman
15 Jul 2021

Steps to reproduce the issue

Noticed in latest 3.9.28 there is a new function to destroy user session if password or block has been changed.

joomla-cms/administrator/components/com_users/models/user.php

Line 308 in ced954f

if ($data['password'] || $data['block'])

Problem is that the 'password' always contains a string, so it will always destroy the session. It should be using the 'password2' variable that is only set on password changes.

Expected result

Change a user in backend, and frontend session should not get destroyed when not changing password or blocking user.

Actual result

Session always get destroyed.

System information (as much as possible)

Joomla 3.9.28
Php 7.4.20

Additional comments

Flowman - open - 15 Jul 2021

joomla-cms-bot - change - 15 Jul 2021

Labels

Added: ?

joomla-cms-bot - labeled - 15 Jul 2021

richard67 - comment - 15 Jul 2021

Ping @SniperSister .

SniperSister - comment - 15 Jul 2021

confirmed!

Quy - close - 22 Jul 2021

Quy - comment - 22 Jul 2021

Please test PR #34868.

Quy - change - 22 Jul 2021

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2021-07-22 13:57:33
Closed_By		⇒	Quy

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS