Regression related to automatic logout and guest account for issue #3343

Cacti · Mar 24, 2020 · ec0d1f8 · ec0d1f8
1 parent 48328d0
commit ec0d1f8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/include/global_session.php b/include/global_session.php
@@ -77,13 +77,14 @@
     if (isset($_SESSION['refresh']['logout'])) {
         $refreshIsLogout = $_SESSION['refresh']['logout'];
     } else {
-		$refreshIsLogout = 'true';
+		$refreshIsLogout = 'false';
 	}
 
     if (isset($_SESSION['refresh']['page'])) {
         $myrefresh['page'] = sanitize_uri($_SESSION['refresh']['page']);
     } else {
 		$myrefresh['page'] = $config['url_path'] . 'logout.php?action=timeout';
+		$refreshIsLogout   = 'true';
 	}
 
 	unset($_SESSION['refresh']);
@@ -115,7 +116,9 @@
 
 /* guest account does not auto log off */
 if (isset($_SESSION['sess_user_id']) && $_SESSION['sess_user_id'] == read_config_option('guest_user')) {
-	$refreshIsLogout = 'false';
+	$myrefresh['seconds'] = 99999999;
+	$refreshIsLogout      = 'false';
+	$myrefresh['page']    = sanitize_uri($_SERVER['REQUEST_URI']);
 }
 
 ?>

diff --git a/lib/auth.php b/lib/auth.php
@@ -713,26 +713,29 @@ function is_realm_allowed($realm) {
 		}
 
 		if (!is_user_perms_valid($_SESSION['sess_user_id'])) {
-			kill_session_var('sess_user_realms');
-			kill_session_var('sess_user_config_array');
-			kill_session_var('sess_config_array');
-
 			if (db_table_exists('user_auth_cache')) {
 				$enabled = db_fetch_cell_prepared('SELECT enabled
 					FROM user_auth
 					WHERE id = ?',
 					array($_SESSION['sess_user_id']));
 
-				if ($enabled == '') {
+				if ($enabled == '' && get_guest_account() != $_SESSION['sess_user_id']) {
 					db_execute_prepared('DELETE FROM user_auth_cache
 						WHERE user_id = ?',
 						array($_SESSION['sess_user_id']));
 
 					kill_session_var('sess_user_id');
+					kill_session_var('sess_user_realms');
+					kill_session_var('sess_user_config_array');
+					kill_session_var('sess_config_array');
 
 					print '<span style="display:none;">cactiLoginSuspend</span>';
 					exit;
 				}
+			} else {
+				kill_session_var('sess_user_realms');
+				kill_session_var('sess_user_config_array');
+				kill_session_var('sess_config_array');
 			}
 		}