Fixed issue caused by used of dangling variable on sessions page.

2023-08-03 01:43:43 +00:00 · 2023-08-03 01:43:43 +00:00 · 9dd7156c79
commit 9dd7156c79
parent 00d1d2922d
2 changed files with 7 additions and 3 deletions
--- a/public-legacy/settings/sessions.php
+++ b/public-legacy/settings/sessions.php
@ -11,7 +11,7 @@ if(!$msz->isLoggedIn()) {
 $errors = [];
 $sessions = $msz->getSessions();
 $currentUser = $msz->getActiveUser();
-$activeSessionToken = $authToken->getSessionToken();
+$activeSessionId = $msz->getAuthInfo()->getSessionId();
 while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
    $sessionId = (string)filter_input(INPUT_POST, 'session');
@ -31,7 +31,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
            break;
        }
-        $activeSessionKilled = $sessionInfo->getToken() === $activeSessionToken;
+        $activeSessionKilled = $sessionInfo->getId() === $activeSessionId;
        $sessions->deleteSessions(sessionInfos: $sessionInfo);
        $msz->createAuditLog('PERSONAL_SESSION_DESTROY', [$sessionInfo->getId()]);
    }
@ -50,7 +50,7 @@ $sessionInfos = $sessions->getSessions(userInfo: $currentUser, pagination: $pagi
 foreach($sessionInfos as $sessionInfo)
    $sessionList[] = [
        'info' => $sessionInfo,
-        'active' => $sessionInfo->getToken() === $activeSessionToken,
+        'active' => $sessionInfo->getId() === $activeSessionId,
    ];
 Template::render('settings.sessions', [
--- a/src/Auth/AuthInfo.php
+++ b/src/Auth/AuthInfo.php
@ -56,6 +56,10 @@ class AuthInfo {
        return $this->userInfo;
    }
    public function getSessionId(): ?string {
        return $this->sessionInfo?->getId();
    }
    public function getSessionInfo(): ?SessionInfo {
        return $this->sessionInfo;
    }