N°9625 - Add Session::UnsetAll() method to ensure that even the "welcome" session value is correctly resetted#970
Conversation
…ome" session value is correctly resetted
There was a problem hiding this comment.
Pull request overview
Adds comprehensive session clearing so logout also resets values such as welcome.
Changes:
- Adds
Session::UnsetAll(). - Uses it during login session reset.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
sources/Service/Session/Session.php |
Adds full-session reset API. |
application/loginwebpage.class.inc.php |
Clears all session variables on reset. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
| Filename | Overview |
|---|---|
| sources/Service/Session/Session.php | Adds UnsetAll() (clears $_SESSION entirely, consistent with Set() pattern) and adds a missing !isset($_SESSION) guard to ListVariables(). Both changes are correct and consistent with existing class conventions. |
| application/loginwebpage.class.inc.php | ResetSession() now delegates to Session::UnsetAll() instead of unsetting 10 hard-coded keys; broadens the clear to include previously missed keys (e.g. welcome, transactions). Import updated from the alias to the canonical service namespace. |
| tests/php-unit-tests/unitary-tests/application/Session/SessionTest.php | testUnsetAll() covers the active-session branch only; the inactive-session branch (Start → clear → WriteClose) is untested. |
Sequence Diagram
%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant Browser
participant LoginWebPage
participant Session
participant PHP
Browser->>LoginWebPage: logout / re-login trigger
LoginWebPage->>Session: UnsetAll()
alt session already active
Session->>PHP: "$_SESSION = []"
else session not yet active
Session->>PHP: session_start()
Session->>PHP: "$_SESSION = []"
Session->>PHP: session_write_close()
end
LoginWebPage->>LoginWebPage: UserRights::_ResetSessionCache()
Note over LoginWebPage,Session: welcome, auth_user, transactions,<br/>and all other keys are now cleared
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant Browser
participant LoginWebPage
participant Session
participant PHP
Browser->>LoginWebPage: logout / re-login trigger
LoginWebPage->>Session: UnsetAll()
alt session already active
Session->>PHP: "$_SESSION = []"
else session not yet active
Session->>PHP: session_start()
Session->>PHP: "$_SESSION = []"
Session->>PHP: session_write_close()
end
LoginWebPage->>LoginWebPage: UserRights::_ResetSessionCache()
Note over LoginWebPage,Session: welcome, auth_user, transactions,<br/>and all other keys are now cleared
Reviews (3): Last reviewed commit: "N°9625 - Code review updates" | Re-trigger Greptile
| Session::Unset('itop_env'); | ||
| Session::Unset('obj_messages'); | ||
| Session::Unset('profile_list'); | ||
| Session::UnsetAll(); |
There was a problem hiding this comment.
@odain-cbd @eespie do you think that we should preserve login_mode entry in the session instead of clearing everything?
Internal