From: Jan Schneider <jan@horde.org>
Date: Wed, 22 Dec 2010 15:25:23 +0000 (+0100)
Subject: The session key must include the user name.
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=1c6ca8107a15b33134bb8cfab1ed0525de24db71;p=horde.git

The session key must include the user name.

 We are accessing other users' preferences during a session.
---

diff --git a/framework/Core/lib/Horde/Core/Prefs/Cache/Session.php b/framework/Core/lib/Horde/Core/Prefs/Cache/Session.php
index 45e491124..a715c9d67 100644
--- a/framework/Core/lib/Horde/Core/Prefs/Cache/Session.php
+++ b/framework/Core/lib/Horde/Core/Prefs/Cache/Session.php
@@ -22,8 +22,8 @@ class Horde_Core_Prefs_Cache_Session extends Horde_Prefs_Cache_Base
     {
         global $session;
 
-        return $session->exists('horde', self::SESS_KEY . $scope)
-            ? $session->get('horde', self::SESS_KEY . $scope)
+        return $session->exists('horde', self::SESS_KEY . $this->_params['user'] . '/' . $scope)
+            ? $session->get('horde', self::SESS_KEY . $this->_params['user'] . '/' . $scope)
             : false;
     }
 
@@ -31,14 +31,14 @@ class Horde_Core_Prefs_Cache_Session extends Horde_Prefs_Cache_Base
      */
     public function store($scope_ob)
     {
-        $GLOBALS['session']->set('horde', self::SESS_KEY . $scope_ob->scope, $scope_ob);
+        $GLOBALS['session']->set('horde', self::SESS_KEY . $this->_params['user'] . '/' . $scope_ob->scope, $scope_ob);
     }
 
     /**
      */
     public function remove($scope = null)
     {
-        $GLOBALS['session']->remove('horde', self::SESS_KEY . strval($scope));
+        $GLOBALS['session']->remove('horde', self::SESS_KEY . $this->_params['user'] . '/' . strval($scope));
     }
 
 }