User session change causes runtime exception in other modules

Created on 15 June 2018, almost 7 years ago
Updated 8 February 2024, about 1 year ago

Problem/Motivation

In /src/Plugin/search_api/processor/RenderedItem.php::addFieldValues() the current user is overwritten to ensure that the configured roles are used. After that, the current user is anonymous. This change causes runtime exceptions like "Failed to start the session because headers have already been sent" in other modules during indexing. See for example: https://www.drupal.org/project/flag/issues/2957019

Drupal 8.5.3
Flag 8.x-4.x-dev
Search API 8.x-1.7

Proposed resolution

Don't overwrite the current user completely. Maybe just change the user roles or at least leave the UID?

// Change the current user to our dummy implementation to ensure we are
// using the configured roles.
$this->currentUser->setAccount(new UserSession(['uid' => $this->currentUser->id(), 'roles' => $configuration['roles']]));
๐Ÿ› Bug report
Status

Needs work

Version

1.0

Component

Plugins

Created by

🇨🇭 Switzerland marco-s

  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.


Comments & Activities


  • First commit to issue fork.
  • Core: 10.1.4 + Environment: PHP 8.2 & sqlite-3.34
    last update about 1 year ago
    Composer require-dev failure
  • Pipeline finished with Failed
    about 1 year ago
    Total: 49s
    #90879
  • 🇺🇸 United States j_ten_man

    Just ran into this issue on a views search page. The user.current_user_context service was getting the current user set from the search API. This would then load the user (doing a full entityTypeManager load of the user) to supply the user account. Blocks were then no longer rendering on the page that were limited to specific roles since the current_user was user 0. Using -2 as the uid didn't help either. I've created a merge request which uses the uid of the current user. Not sure if there are other negative consequences from doing this, but the site that we're using this on shouldn't have any negative consequences from doing this.

    A more elegant solution to this would be to reset the current_user and user.current_user_context services after everything is rendered, but wasn't sure how to accomplish that.
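
The restore-after-render idea raised in the comment above can be built on Drupal core's `account_switcher` service. The following is an added example, not code from this issue, its merge request, or Search API. The module namespace, class name and method name are hypothetical, and the class is assumed to be registered as a service with `@account_switcher` and `@current_user` as arguments.

```php
<?php

namespace Drupal\example_module; // Hypothetical module name.

use Drupal\Core\Session\AccountProxyInterface;
use Drupal\Core\Session\AccountSwitcherInterface;
use Drupal\Core\Session\UserSession;

/**
 * Renders under a temporary role set and always restores the real account.
 *
 * Hypothetical helper; only the Drupal core types it uses are real.
 */
final class ScopedRoleRenderer {

  public function __construct(
    private AccountSwitcherInterface $accountSwitcher,
    private AccountProxyInterface $currentUser,
  ) {}

  /**
   * @param string[] $roles
   *   Role IDs the render should run with.
   * @param callable $render
   *   Callback that performs the render and returns its result.
   */
  public function renderWithRoles(array $roles, callable $render): mixed {
    // Keep the real uid, as the issue proposes, and swap only the roles.
    $temporary = new UserSession([
      'uid' => $this->currentUser->id(),
      'roles' => array_values($roles),
    ]);
    // switchTo() records the account it replaces so it can be restored.
    $this->accountSwitcher->switchTo($temporary);
    try {
      return $render();
    }
    finally {
      // Runs on success and on exceptions, so code later in the same
      // request (blocks, access checks, other modules) sees the real user.
      $this->accountSwitcher->switchBack();
    }
  }

}
```

Keeping the real uid means uid-based access checks (for example "own content" permissions) evaluate as whoever triggered indexing, so confirm that per-user output cannot end up in a shared index.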
