- Issue created by @bob.hinrichs
Currently LTIToolProviderBase::authenticate calls userLoginFinalize, which in turn just calls Drupal's user_login_finalize(). This happens on every launch, which means it happens whenever a user views a resource via LTI. user_login_finalize(), however, can potentially do quite a lot, as it starts up a new user session, updates the user's last login time, fires off events, and invokes all user_login hooks. This is unnecessary if the same user is viewing different resources within a sitting.
Unnecessary processing could be avoided if the login finalize process could be conditioned upon the LTI user's 'sub' value changing.
To illustrate this, see the following code:
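/**
 * Check if the user is a new login.
 *
 * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
 *   The session.
 *
 * @return bool
 *   TRUE if the launch's 'sub' differs from the one stored in the session.
 */
public function isNewLogin($session) {
  // 'sub' of the user in the current LTI launch context.
  $context_sub = $session->get('lti_tool_provider_context')->getUserIdentity()->getIdentifier();
  // 'sub' remembered from the last launch that finalized a login.
  $session_sub = $session->get('lti_tool_provider_context_sub');
  return $context_sub !== $session_sub;
}

/**
 * {@inheritdoc}
 */
public function userLoginFinalize(UserInterface $user) {
  user_login_finalize($user);
  // Remember which LTI 'sub' this session was finalized for.
  $session = \Drupal::service('session');
  $session->set('lti_tool_provider_context_sub', $session->get('lti_tool_provider_context')->getUserIdentity()->getIdentifier());
}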
One additional thing to note: Drupal's user_login_finalize is about to be deprecated in 10.3: https://www.drupal.org/node/3379194
Active
2.0
Code
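The gating proposed in the issue, as an added stand-alone example (not code from the issue or from the module). It goes beyond the posted snippet by also requiring that the account already in the session is the one the launch maps to, so an unchanged 'sub' never leaves a different account logged in. `ArraySession`, `handleLaunch()`, the uid parameters and the `$finalize` callback are hypothetical stand-ins for Drupal's session service, the launch handler and user_login_finalize().

```php
<?php
// Added example, not module code. ArraySession stands in for Drupal's
// session service; $finalize stands in for user_login_finalize().
final class ArraySession {
  private array $data = [];
  public function get(string $key) { return $this->data[$key] ?? NULL; }
  public function set(string $key, $value): void { $this->data[$key] = $value; }
}

/** Returns TRUE when the full login finalize must run for this launch. */
function isNewLogin(ArraySession $session, ?string $sub, int $currentUid, int $mappedUid): bool {
  // No 'sub' in the launch: nothing to match against, so never skip.
  if ($sub === NULL || $sub === '') {
    return TRUE;
  }
  // Anonymous session (uid 0), or a session owned by a different account.
  if ($currentUid === 0 || $currentUid !== $mappedUid) {
    return TRUE;
  }
  // First launch in this session, or the LTI user changed.
  return $session->get('lti_tool_provider_context_sub') !== $sub;
}

/** Runs $finalize only when needed; returns whether it ran. */
function handleLaunch(ArraySession $session, ?string $sub, int $currentUid, int $mappedUid, callable $finalize): bool {
  if (!isNewLogin($session, $sub, $currentUid, $mappedUid)) {
    return FALSE;
  }
  $finalize($mappedUid);
  $session->set('lti_tool_provider_context_sub', $sub);
  return TRUE;
}

// Constructed launches: [sub, uid currently in session, uid the launch maps to].
$launches = [
  ['sub-alice', 0, 7],  // first launch in a fresh session
  ['sub-alice', 7, 7],  // same user opens another resource
  ['sub-bob', 7, 9],    // different LTI user in the same browser
  ['sub-bob', 9, 9],    // that user opens another resource
  ['sub-bob', 7, 9],    // session account changed outside of LTI
];
$session = new ArraySession();
$finalized = 0;
$finalize = function (int $uid) use (&$finalized): void { $finalized++; };
foreach ($launches as [$sub, $currentUid, $mappedUid]) {
  $ran = handleLaunch($session, $sub, $currentUid, $mappedUid, $finalize);
  printf("%-10s current=%d mapped=%d finalize=%s\n", $sub, $currentUid, $mappedUid, $ran ? 'yes' : 'skipped');
}
printf("finalize ran %d times for %d launches\n", $finalized, count($launches));
```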