Fix "logged out of admin" bug #48
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I encountered an issue in version 2.4.6. When I enabled Devtools in the configuration and used the store switcher on the product edit page, it caused me to get logged out of the admin. However, when I disabled MSP Devtools, everything worked as intended. To resolve this problem, I copied the pull request to a new custom module, and that successfully fixed the issue. |
|
Any chance this can be released soon? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In
Plugin\PhpEnvironment\ResponsePluginwe useModel\PageInfo. InModel\PageInfowe useMagento\Framework\View\LayoutInterface.Creating a
Layoutobject which has a plugin (egPlugin\View\LayoutPlugin) will pull in instances ofUrlInterfaceandResolverInterfacethrough dependency injection. Both of these classes have preferences in the "adminhtml" area to classes that instanciate an admin session object. When this happens, a new admin session will be created if one does not already exist.As the path to static resources does not match the path to the adminhtml frontend route, no cookie identifying the current/previous admin session is sent by the user agent. So, when the admin session object is initialised, no existing session is found; a new session is therefore created and sent to the user agent as part of this request. This replaces the existing admin session for the user, seemingly logging them out.
All of this logic only kicks in when a standard request object is used, such as when an exception is thrown. When the static resource application finds the file it is seeking, this follows a different code path than the exception handling referenced above.
To reproduce/test, please observe the headers sent on a request to
/static/version1234567890/adminhtml/Magento/backend/en_GB/missing/file.jswith this module enabled. In version 1.2.14 this will send an 'admin' cookie. With the suggested patch here, this is no longer the case (ie, now matches core Magento behaviour).This has been tested on Magento v2.3.5-p1 only.