Details
Bug
Resolution: Fixed
Medium
4.7.0
N/A
Description
The eZUser::isLoggedIn method will always return true when given a valid userID. This is because the method simply checks that a given userID maps to a user with a ContentID that does not match an Anonymous id, or -1.
I assume that the initial idea was that this method would always act on the current active user (thus returning a correct result), but in reality it can also be used on any User, using ::fetch, for example:
    eZUser::fetch(<user id>)->isLoggedIn()
This will always return true, as long as the user id is valid, regardless of that user's state.
The eZUser::isUserLoggedIn method already correctly returns if a user is logged in or not, so my suggestion for a fix is to make use of it. In pseudo-code:
    function isLoggedIn
        if (thisUser) is (activeUser)
            return thisUser is valid
        else
            return ::isUserLoggedIn(thisUser->id)
The result of isUserLoggedIn will also ideally be cached with the user instance it relates to, to prevent repeat queries to ezuservisit.
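
A stand-alone PHP model of the reported check next to the suggested one, including the per-instance cache. It is an added illustration, not eZ Publish code and not part of the original report; the classes SessionStore and ModelUser, the method names and the ids 10, 14 and 42 are constructed stand-ins.

```php
<?php
// Stand-in model of the report, not eZ Publish code; every name is hypothetical.
const ANONYMOUS_ID = 10; // constructed id for the anonymous user

final class SessionStore
{
    public $lookups = 0; // counts simulated queries to the visit table
    private $active;
    public function __construct(array $activeUserIds) {
        $this->active = array_flip($activeUserIds);
    }
    public function hasActiveSession(int $userId): bool {
        $this->lookups++;
        return isset($this->active[$userId]);
    }
}

final class ModelUser
{
    private $id, $store, $currentUserId;
    private $cached = null; // per-instance cache of the session lookup
    public function __construct(int $id, SessionStore $store, int $currentUserId) {
        $this->id = $id;
        $this->store = $store;
        $this->currentUserId = $currentUserId;
    }
    // Reported behaviour: true for any id that is not the anonymous id or -1.
    public function isLoggedInReported(): bool {
        return $this->id !== ANONYMOUS_ID && $this->id !== -1;
    }
    // Suggested behaviour: validity check for the active user, session lookup
    // (done once per instance) for any other user.
    public function isLoggedInSuggested(): bool {
        if ($this->id === $this->currentUserId) {
            return $this->isLoggedInReported();
        }
        if ($this->cached === null) {
            $this->cached = $this->store->hasActiveSession($this->id);
        }
        return $this->cached;
    }
}

$store = new SessionStore([14]);            // constructed: only user 14 has a session
$other = new ModelUser(42, $store, 14);     // user 42 fetched while 14 is the active user
var_dump($other->isLoggedInReported());     // the check described in the report
var_dump($other->isLoggedInSuggested());    // the check suggested as a fix
$other->isLoggedInSuggested();              // repeat call is served from the cache
var_dump($store->lookups);                  // number of simulated visit-table queries
```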