invalidate all user session cache when userdatabase is changed FS#1085

A reference file is now stored in data/cache/sessionpurge and is used to
check if user sessions are still valid.

To accomondate for slow auth backends DokuWiki caches user info for
a certain time in the user session.

darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz

1 files changed, 10 insertions, 0 deletions

diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index e20078d04..c5b720444 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -364,6 +364,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
      * Delete user
      */
     function _deleteUser(){
+        global $conf;
+
         if (!checkSecurityToken()) return false;
         if (!$this->_auth->canDo('delUser')) return false;
 
@@ -381,6 +383,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
           msg("$part1, $part2",-1);
         }
 
+        // invalidate all sessions
+        io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
         return true;
     }
 
@@ -410,6 +415,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
      * Modify user (modified user data has been recieved)
      */
     function _modifyUser(){
+        global $conf;
+
         if (!checkSecurityToken()) return false;
         if (!$this->_auth->canDo('UserMod')) return false;
 
@@ -455,6 +462,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
             $this->_notifyUser($notify,$newpass);
           }
 
+          // invalidate all sessions
+          io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
         } else {
           msg($this->lang['update_fail'],-1);
         }