  1. Hippo CMS
  2. CMS-12067

CmsSessionContext no longer needs to be recreated after password change

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 14.0.0
    • None
    • None

    Description

      After a new login or change of password in the CMS (which triggers a new login, without invalidating the CMS HTTP session), a new CmsSessionContext is created.

      Currently, if there already exists a CmsSessionContext (as in case of a password change), the current CmsSessionContext is detached (invalidated) and a new one created.

      This was needed in the past because the user credentials are kept in the CmsSessionContext, and with a password change those were no longer valid.

      But since we now no longer keep/need the password in the credentials after a login (marking that credentials instance as 'trusted' to be reused), the CmsSessionContext invalidation is no longer needed. This is an important optimization to do, because recently we also added automatic invalidation of all linked HST/site sessions in that process, which also isn't needed on a password change.

      So, the logic for the createCmsSessionContext method (in PluginUserSession) can be simplified to just return the existing CmsSessionContext instead of destroying it and always creating a new one.
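
      The behaviour change described above, as an added sketch that is not Hippo CMS code: a simplified model contrasting the old detach-and-recreate logic with returning the existing context. Only the names CmsSessionContext, PluginUserSession and createCmsSessionContext come from the issue; SiteSession, the fields, detach() and createCmsSessionContextOld are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model; only the names CmsSessionContext, PluginUserSession and
// createCmsSessionContext come from the issue. Everything else is hypothetical.
public class SessionContextReuseDemo {

    static class SiteSession {            // stands in for a linked HST/site session
        boolean valid = true;
    }

    static class CmsSessionContext {
        final String userId;              // trusted credentials: user id only, no password
        final List<SiteSession> linked = new ArrayList<>();
        boolean detached = false;
        CmsSessionContext(String userId) { this.userId = userId; }
        void detach() {                   // invalidation also ends every linked site session
            detached = true;
            linked.forEach(s -> s.valid = false);
        }
    }

    static class PluginUserSession {
        CmsSessionContext context;
        // Old logic: always detach the existing context and create a new one.
        CmsSessionContext createCmsSessionContextOld(String userId) {
            if (context != null) context.detach();
            return context = new CmsSessionContext(userId);
        }

        // Simplified logic: return the existing context when there is one.
        CmsSessionContext createCmsSessionContext(String userId) {
            if (context == null) context = new CmsSessionContext(userId);
            return context;
        }
    }

    public static void main(String[] args) {
        PluginUserSession session = new PluginUserSession();
        CmsSessionContext first = session.createCmsSessionContext("editor");
        SiteSession preview = new SiteSession();
        first.linked.add(preview);
        // Password change triggers a new login on the same HTTP session.
        CmsSessionContext afterNew = session.createCmsSessionContext("editor");
        System.out.println("reused=" + (afterNew == first) + " siteValid=" + preview.valid);
        session.createCmsSessionContextOld("editor");
        System.out.println("detached=" + first.detached + " siteValid=" + preview.valid);
    }
}
```

      With the simplified method the second login gets the same context back and the linked site session stays valid; the old method detaches the context and takes the site session down with it.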

            People

              Unassigned Unassigned
              adouma Ate Douma (Inactive)