invalidate all user session cache when userdatabase is changed FS#1085

A reference file is now stored in data/cache/sessionpurge and is used to check if user sessions are still valid. To accomondate for slow auth backends DokuWiki caches user info for a certain time in the user session. darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz

invalidate all user session cache when userdatabase is changed FS#1085
A reference file is now stored in data/cache/sessionpurge and is used to check if user sessions are still valid. To accomondate for slow auth backends DokuWiki caches user info for a certain time in the user session. darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz
9ec82636 · Andreas Gohr · d186898b · 9ec82636 · 9ec82636
Commit 9ec82636 authored 17 years ago by Andreas Gohr
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -157,6 +157,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
    if($user && $pass){
      // we got a cookie - see if we can trust it
      if(isset($session) &&
+        ($session['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')) &&
        ($session['time'] >= time()-$conf['auth_security_timeout']) &&
        ($session['user'] == $user) &&
        ($session['pass'] == $pass) &&  //still crypted

--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -364,6 +364,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
     * Delete user
     */
    function _deleteUser(){
+        global $conf;
+
        if (!checkSecurityToken()) return false;
        if (!$this->_auth->canDo('delUser')) return false;

@@ -381,6 +383,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
          msg("$part1, $part2",-1);
        }

+        // invalidate all sessions
+        io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
        return true;
    }

@@ -410,6 +415,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
     * Modify user (modified user data has been recieved)
     */
    function _modifyUser(){
+        global $conf;
+
        if (!checkSecurityToken()) return false;
        if (!$this->_auth->canDo('UserMod')) return false;

@@ -455,6 +462,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
            $this->_notifyUser($notify,$newpass);
          }

+          // invalidate all sessions
+          io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
        } else {
          msg($this->lang['update_fail'],-1);
        }