MDL-76166 auth: Ensure user is in server access logs

hjlinde · Nov 30, 2022 · 825d11e · 825d11e
1 parent 57c1e97
commit 825d11e
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/lib/classes/session/manager.php b/lib/classes/session/manager.php
@@ -940,6 +940,9 @@ public static function set_user(\stdClass $user) {
 
         // Init session key.
         sesskey();
+
+        // Make sure the user is correct in web server access logs.
+        set_access_log_user();
     }
 
     /**

diff --git a/lib/classes/shutdown_manager.php b/lib/classes/shutdown_manager.php
@@ -148,6 +148,10 @@ public static function register_function($callback, array $params = null): void
     public static function shutdown_handler() {
         global $DB;
 
+        // Always ensure we know who the user is in access logs even if they
+        // were logged in a weird way midway through the request.
+        set_access_log_user();
+
         // Custom stuff first.
         foreach (self::$callbacks as $data) {
             list($callback, $params) = $data;

diff --git a/lib/setuplib.php b/lib/setuplib.php
@@ -1876,7 +1876,7 @@ function set_access_log_user() {
                 apache_note('MOODLEUSER', $logname);
             }
 
-            if ($logmethod == 'header') {
+            if ($logmethod == 'header' && !headers_sent()) {
                 header("X-MOODLEUSER: $logname");
             }
         }