Admin: ensure "login_as" flag is off anytime we logout or login with username/password directly

ywarnier · ywarnier · commit 98c42aaf628c · 2025-06-20T18:18:15.000+02:00
diff --git a/main/inc/lib/online.inc.php b/main/inc/lib/online.inc.php
@@ -217,6 +217,10 @@ function online_logout($user_id = null, $logout_redirect = false)
     }
 
     api_delete_firstpage_parameter();
+    // If we were using "login_as", make sure this doesn't stick to the session
+    if (Session::read('login_as') !== null) {
+        Session::erase('login_as');
+    }
     Session::erase('last_id');
     CourseChatUtils::exitChat($user_id);
     session_regenerate_id();
diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php
@@ -461,6 +461,8 @@
             $login = $_POST['login'];
             $password = $_POST['password'];
         }
+        // unset the "login_as" flag if we just connected with a username and password.
+        Session::erase('login_as');
 
         $userManager = UserManager::getManager();
         $userRepository = UserManager::getRepository();

Original file line number	Diff line number	Diff line change
`@@ -461,6 +461,8 @@`
`461`	`461`	`$login = $_POST['login'];`
`462`	`462`	`$password = $_POST['password'];`
`463`	`463`	`}`
	`464`	`+ // unset the "login_as" flag if we just connected with a username and password.`
	`465`	`+ Session::erase('login_as');`
`464`	`466`
`465`	`467`	`$userManager = UserManager::getManager();`
`466`	`468`	`$userRepository = UserManager::getRepository();`