Contrib.social

content_lock_timeout_user_logout() checks user session handling incorrectly

Open on Drupal.org β†’
Created on 20 March 2025, 4 months ago

Problem/Motivation

In content_lock_timeout_user_logout() there is code part which checks if user sessions are stored in database.

/**
 * Implements hook_user_logout().
 */
function content_lock_timeout_user_logout($account): void {
....
  // Only do the database check if the original drupal session manager is used.
  // Otherwise, it's not sure if sessions table has correct data. As it would be
  // possible to extend the Class, instanceof is not used here!
  if (get_class(Drupal::service('session_manager')) == SessionManager::class) {
    $query = \Drupal::database()
      ->select('sessions');
    $query->condition('uid', $account->id());
    $query = $query->countQuery();
    $session_count = (int) $query->execute()->fetchField();
  }
....
}

https://git.drupalcode.org/project/content_lock/-/blob/3.x/modules/conte...
It is fine to do such check since 'sessions' table can be missing if other session storage (like Redis) is used - https://www.drupal.org/node/3431286 β†’ .
But this checking isn't working properly if session storage is changed to some alternative. Because \Drupal::service('session_manager') is still \Drupal\Core\Session\SessionManager when session storage is (for example) \Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler.

Steps to reproduce

I tried find example of the RedisSessionHandler usage. Here is related example - https://www.drupal.org/project/redis/issues/2876099#comment-15763319 ✨ Create submodule to store PHP sessions in Redis RTBC

Proposed resolution

Check \Drupal::service('session_handler.storage') instead of Drupal::service('session_manager').

Remaining tasks

None.

User interface changes

None.

API changes

None.

Data model changes

None.

πŸ› Bug report
Status

Active

Version

3.0

Component

Code

Created by

πŸ‡ΊπŸ‡¦Ukraine deimos

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024