Details
- Bug
- Resolution: Fixed
- High
- 2014.11, 5.3.4, 5.4.1
- None
Description
If a user that is currently logged in is removed, the session/tab where the user is navigating will throw an exception:
Could not find 'Content' with identifier 'array ( 'id' => '32469', 'languages' => NULL, 'versionNo' => NULL, )' 500 Internal Server Error - NotFoundException 1 linked Exception: NotFoundException
Steps to reproduce
1) Create a new user: user_001
2) Open a private window, log into the frontend using a siteaccess in legacy mode with user_001
3) In the backend, delete user_001
4) Go to the logged-in user_001 session and navigate to any link. You will get the error above.
Note: using a Sf siteaccess, the error is a "403 Forbidden - AccessDeniedHttpException"
In the documentation, there is a warning that users should not be removed, here:
https://doc.ez.no/eZ-Publish/User-manual/4.x/Daily-tasks/Managing-users
However, when user_001 is deleted in admin, the user's browser has no information about the event and keeps sending session data that the server accepts as valid. This is not the same case as access to an object created by a removed user (such as an old comment).
Issue Links
- testing discovered
- EZP-24017 Security token issue using legacy bridge
- Closed
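The failure described in this report (a deleted user's session is still accepted, then fails late with an exception) can be closed from two sides: revoke the user's sessions when the user is deleted, and re-check on every request that the session's user still exists. The following is an added example, not eZ Publish code and not the fix shipped for this issue; the `SessionGuard` class, its methods, and the sample user id and login are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: all names here are hypothetical, not eZ Publish APIs.
final class SessionGuard
{
    /** @var array<int,string> user id => login (constructed sample data) */
    private array $users;
    /** @var array<string,int> session id => user id */
    private array $sessions = [];

    public function __construct(array $users) { $this->users = $users; }

    public function login(int $userId): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = $userId;
        return $sid;
    }

    // Side 1: deleting a user also revokes every session bound to that user id.
    public function deleteUser(int $userId, bool $purgeSessions = true): void
    {
        unset($this->users[$userId]);
        if ($purgeSessions) {
            $this->sessions = array_filter($this->sessions, fn (int $uid): bool => $uid !== $userId);
        }
    }

    // Side 2: per-request check. A session whose user no longer exists is
    // destroyed and the request continues as anonymous (null), so no
    // NotFoundException surfaces later in the request.
    public function resolve(string $sid): ?string
    {
        $userId = $this->sessions[$sid] ?? null;
        if ($userId !== null && !isset($this->users[$userId])) {
            unset($this->sessions[$sid]); // stale session: its user was removed
            return null;
        }
        return $userId === null ? null : $this->users[$userId];
    }
}

$guard = new SessionGuard([42 => 'user_001']); // constructed id and login
$sid = $guard->login(42);
$guard->deleteUser(42, false); // simulate a deletion path that leaves the session behind
var_dump($guard->resolve($sid));
```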