Hi Richard, Would the attached patch do the trick. I have added a warning note to the top of the form and added the functionality that will remove the edited user's session upon form submit.
Cheers! ** Patch added: "bug634580.patch" https://bugs.launchpad.net/mahara/+bug/634580/+attachment/1689997/+files/bug634580.patch -- Admin edits of user account details can be overwritten by open session https://bugs.launchpad.net/bugs/634580 You received this bug notification because you are a member of Mahara Committers, which is subscribed to Mahara. Status in Mahara ePortfolio: New Bug description: If an admin edits a user on the admin edit user page, and that user is currently logged in, then the changes made by the admin can be overwritten the next time that user browses around on the site and their session details are saved to the database. Perhaps, saving the form on the edit user page should call remove_user_sessions for the edited user (like when suspending a user). It would be nice if the admin was given a warning ("if you submit this form then <username> will be logged out") whenever the edited user has a session that hasn't expired. _______________________________________________ Mailing list: https://launchpad.net/~mahara-core Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-core More help : https://help.launchpad.net/ListHelp
