[Using Sakai] user login reverts to admin user
David Horwitz
david.horwitz at uct.ac.za
Mon Aug 20 06:38:33 PDT 2012
This sounds like somewhere something is setting the current session user
to admin. I would look at any code you run in the login for something like:
    Session sakaiSession = sessionManager.getCurrentSession();
    sakaiSession.setUserId("admin");
    sakaiSession.setUserEid("admin");
Code like this should not be called in any user thread; SecurityAdvisors
are a better bet ....
D
On 08/20/2012 03:21 PM, Fatima Rahiman wrote:
>
> Hi All
>
> We’ve been experiencing a number of random though isolated incidences of
> users unsuccessfully logging into Sakai (with their correct details)
> but with their browser window immediately returning a screen which
> shows SAKAI admin user rights, i.e. they somehow manage to log into
> SAKAI as an admin! Obviously this poses a huge security breach for
> us. Has anyone else ever experienced this?
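The SecurityAdvisor approach mentioned in the reply, as an added example that is not part of the original thread or of Sakai itself: instead of rewriting the session's user id, an advisor grants one permission on one entity for the duration of one call and is always removed afterwards. The class name ScopedPrivilege and the method callWith are hypothetical; the sketch assumes the Sakai kernel API is on the classpath and that the kernel version provides popAdvisor(SecurityAdvisor).

```java
import java.util.concurrent.Callable;

import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityService;

/**
 * Hypothetical helper (not Sakai code): runs a piece of work with one extra
 * permission, without touching the identity stored in the user's session.
 */
public class ScopedPrivilege {

    // Assumed to be injected by the container (e.g. Spring) like other Sakai services.
    private final SecurityService securityService;

    public ScopedPrivilege(SecurityService securityService) {
        this.securityService = securityService;
    }

    /**
     * @param function  the single permission to grant (caller-supplied)
     * @param reference the single entity reference it applies to (caller-supplied)
     * @param work      the code that needs the permission
     */
    public <T> T callWith(final String function, final String reference,
                          Callable<T> work) throws Exception {
        SecurityAdvisor advisor = new SecurityAdvisor() {
            public SecurityAdvice isAllowed(String userId, String fn, String ref) {
                // Allow only the exact function/reference pair requested;
                // every other check falls through to the normal authz rules.
                if (function.equals(fn) && reference.equals(ref)) {
                    return SecurityAdvice.ALLOWED;
                }
                return SecurityAdvice.PASS;
            }
        };

        securityService.pushAdvisor(advisor);
        try {
            return work.call();
        } finally {
            // Always remove the advisor, even if work.call() throws, so the
            // extra permission cannot outlive this call.
            securityService.popAdvisor(advisor);
        }
    }
}
```

The session's user id and eid are never modified here, so the user's identity stays their own for every later request.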