mirror of
https://github.com/moodle/moodle.git
synced 2025-01-19 06:18:28 +01:00
0ea0dfde6d
The current logic in the cache_session::check_tracked_user() is not right. We must always set the current session id. A typical use case is when the cache instance is instantiated for a not logged in user. We can't let the sessionid property null in that case as it forms an important part of the parsed key. Similarly, even if we have the same user currently loaded, we must still set the sessionid to make sure the data will be associated with the current PHP session. Same user (including visitors or guest users) can access the site from different browsers and each must end up with its own key prefix.