ILIAS icon indicating copy to clipboard operation
ILIAS copied to clipboard

Published 20 hours ago verified publisher icon ILIAS-eLearning

Switches redirect targets if there is an init authentication error

Open PurHur opened this issue 3 years ago • 5 comments

(This is PR https://github.com/ILIAS-eLearning/ILIAS/pull/2580 just reopened for Ilias7)

Mantis: https://mantis.ilias.de/view.php?id=31639

Changed behavior in >5.4 (i dont know if 6 or 7 changed this): @smeyer-ilias fixed the error with a different commit: https://github.com/ILIAS-eLearning/ILIAS/commit/2fed39872db978c00f8dbdfcf1b678830d6aba04

But this doesnt work anymore since $GLOBALS['DIC']['ilAuthSession']->getUserId() stores now the value of the expired user session e.g. 6 for the root user. ID 6 is not anonymous. So there is a redirect loop to the login page.

My old change request still works in Ilias 7.

Old PR description: If the public area is enabled the error should be shown in the anonymous area since the login page blockes a user from proceeding any further with an expired session. The user has to login successfully or has to clear the cookies to escape a redirect loop to the login.php.

Steps to reproduce: 1)Setup ilias with an anonymous area. 2)Login 3)Surf in the anonymous area until the session expires

PurHur avatar Nov 22 '21 11:11 PurHur

I dont know why the check fails. Just a pipeline error? I cant see why it should not work with 7.3 but with 7.4. I just moved an if.

PurHur avatar Nov 22 '21 12:11 PurHur

This is a bug not an improvement. Also this was a fixed bug in 5.4. So now this cant be an improvement.

This is quite a important Pull Request for me and all my projects. How can we speed up this?

PurHur avatar Nov 26 '21 18:11 PurHur

Ping.

Sorry that i arent able to join your JF but mondays are not a great date for me, i have other meetings in this timeslot. Still i want to trigger a discussion about this change.

If a user lost a valid session the user is redirected to the login page. This is ok, but he wont be able to leave in the current state. Also there is no mechanic known to me that the user will be redirected to the last point he was logged in in ilias, so its not sooo much of a change that its the public page (the default starting page) to show the session timeout error. Also its fixes the redirect loop error in one go.

Please contact me if you have questions. I am willing to make changes but in the meantime i have to bugfix every installation i got because they heavily use the public area for showing content to the users.

PurHur avatar Mar 21 '22 17:03 PurHur

Hi @pascalseeland,

we had a look into this PR in the Technical Board today and found that there is no feedback from you yet. Please try to react to PRs within 21 days as described in our guidelines.

Thanks!

klees avatar Aug 23 '22 14:08 klees

I will also test this. It could be solved by the change that a User with ID 0 is also anonymous. Just a hint. It could be solved by fixing other stuff.

PurHur avatar Aug 23 '22 15:08 PurHur

Hi @pascalseeland

As Technical Board, we regularly check for pull requests that have been open for a long time. Any Updates on this? Note, that you can also close this, if you are not able or if you not have the ressources to look into it in detail.

maybe there is now a relation to #5458

Best regards!

chfsx avatar Jan 24 '23 12:01 chfsx

Yes I saw your and the other PRs relating to anonymous users with ID 0 and other session expired fixes in the last days. I was quiet exited! :D

Let me check in the next days. Is quiet a bad bug to debug since i saw this always in prod and not dev where i always have a valid session. The chance your commits fixed this issue is very high. I will test this again and reply.

PurHur avatar Jan 25 '23 20:01 PurHur

@PurHur thanks a lot for looking into this! PR #5458 can be tested by deactivating cookies in the browser and open a goto_...-URL for example.

chfsx avatar Jan 25 '23 23:01 chfsx

Are these things meged back into ilias7?

I tested a fresh ilias7 and the problem still exists. E.g. There will be a redirectloop to the login.php if the session is expirend.

PurHur avatar Jan 26 '23 11:01 PurHur

Unfortunately, no one knows the full effects of PR #5458 , so this will only be merged to trunk and probably not backported.

chfsx avatar Jan 26 '23 11:01 chfsx

I tested this issue now in the latest release_8 and even a fresh installation of trunk. Same bug. Sadly nothing changed.

But in release_8 and trunk there is no notice message "Your session expired" in the public area anymore if this patch is applied. I guess the notice could be inserted before gotoPublicSection(); in the patch.

PurHur avatar Mar 10 '23 13:03 PurHur

Please have a look on my new PR https://github.com/ILIAS-eLearning/ILIAS/pull/6285 for the same issue.

PurHur avatar Aug 30 '23 10:08 PurHur

With #6285 being merged I will close this one. I will close the mantis issue once all branches are fixed.

pascalseeland avatar Oct 17 '23 09:10 pascalseeland