Workaround for timestamps rounding issues with Rails4.2 and mysql5.7 that may kill user session after password is changed (#17460).

git-svn-id: http://svn.redmine.org/redmine/trunk@14011 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-02-10 04:35:24 +00:00 · 2015-02-15 09:09:35 +00:00 · 2015-02-15 09:09:35 +00:00 · 76e7025f07
commit 76e7025f07
parent 77061f59f2
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@ -102,7 +102,7 @@ class MyController < ApplicationController
        if @user.save
          # Reset the session creation time to not log out this session on next
          # request due to ApplicationController#force_logout_if_password_changed
-          session[:ctime] = Time.now.utc.to_i
+          session[:ctime] = User.current.passwd_changed_on.utc.to_i
          flash[:notice] = l(:notice_account_password_updated)
          redirect_to my_account_path
        end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -314,7 +314,7 @@ class User < Principal
  def salt_password(clear_password)
    self.salt = User.generate_salt
    self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
-    self.passwd_changed_on = Time.now
+    self.passwd_changed_on = Time.now.change(:usec => 0)
  end

  # Does the backend storage allow this user to change their password?