[Building Sakai] [Using Sakai] user login reverts to admin user

David Wafula davidwaf at gmail.com
Mon Aug 20 06:40:45 PDT 2012


That should explain it...we did some session calls somewhere...in the code.
Will correct it.

On Mon, Aug 20, 2012 at 3:38 PM, David Horwitz <david.horwitz at uct.ac.za> wrote:

>  This sounds like somewhere something is setting the current session user
> to admin. I would look at any code you run in the login for something like:
>
>  Session sakaiSession = sessionManager.getCurrentSession();
>  sakaiSession.setUserId("admin");
>  sakaiSession.setUserEid("admin");
>
> Code like this should not be called in any user thread, SecurityAdvisors
> are a better bet ....
>
> D
>
>
>
> On 08/20/2012 03:21 PM, Fatima Rahiman wrote:
>
> Hi All
>
> We’ve been experiencing a no. of random though isolated incidences of
> users unsuccessfully logging into Sakai (with their correct details) but
> with their browser window immediately returning a screen which shows
> SAKAI admin user rights, i.e. they somehow manage to log into SAKAI as an
> admin! Obviously this poses a huge security breach for us. Has anyone else
> ever experienced this?



-- 
David Wafula
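
The SecurityAdvisor approach recommended in the quoted reply, sketched as an added example (not code from this thread or from the Sakai project): instead of rewriting the session's user id, a narrowly scoped advisor is pushed for one operation and popped in a `finally` block, so the logged-in user's identity never changes. The class `ScopedElevation`, the method `runWithGrant` and the function and reference values a caller passes in are assumptions; `SecurityService`, `SecurityAdvisor`, `pushAdvisor` and `popAdvisor` are the Sakai kernel API, which must be on the classpath.

```java
import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityAdvisor.SecurityAdvice;
import org.sakaiproject.authz.api.SecurityService;

/**
 * Hypothetical helper for login-time code that needs one privileged action.
 * It never calls Session.setUserId()/setUserEid(), so the session keeps
 * belonging to the user who actually authenticated.
 */
public class ScopedElevation {

    private final SecurityService securityService; // injected Sakai service

    public ScopedElevation(SecurityService securityService) {
        this.securityService = securityService;
    }

    /**
     * Runs 'work' with exactly one permission granted on exactly one
     * entity reference, for the current thread only.
     */
    public void runWithGrant(final String function,
                             final String reference,
                             Runnable work) {
        // ALLOWED only for the exact (function, reference) pair; PASS hands
        // every other check back to the normal realm-based authorization.
        SecurityAdvisor advisor = new SecurityAdvisor() {
            @Override
            public SecurityAdvice isAllowed(String userId, String fn, String ref) {
                boolean match = function.equals(fn) && reference.equals(ref);
                return match ? SecurityAdvice.ALLOWED : SecurityAdvice.PASS;
            }
        };

        // Advisors live on a per-thread stack, not in the HTTP session.
        securityService.pushAdvisor(advisor);
        try {
            work.run();
        } finally {
            // Always pop, even when 'work' throws: request threads are
            // pooled, and a leftover advisor would leak the grant into
            // whatever request the thread serves next.
            securityService.popAdvisor(advisor);
        }
    }
}
```

Returning `ALLOWED` unconditionally from the advisor would grant every permission for the duration of the call, which is why the advisor above matches on both the function and the reference.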