Merge pull request #440 from magento-performance/cabpi-386-expired-se…

…ssion CABPI-386: Add null check for user in AdminSessionsManager
magento · May 9, 2022 · 523fceb · 523fceb
2 parents 57a850d + 89f9d69
commit 523fceb
Showing 1 changed file with 15 additions and 11 deletions.
diff --git a/app/code/Magento/Security/Model/AdminSessionsManager.php b/app/code/Magento/Security/Model/AdminSessionsManager.php
@@ -266,17 +266,20 @@ public function getSessionsForCurrentUser()
      */
     public function logoutOtherUserSessions()
     {
-        $collection = $this->createAdminSessionInfoCollection()
-            ->filterByUser(
-                $this->authSession->getUser()->getId(),
-                \Magento\Security\Model\AdminSessionInfo::LOGGED_IN,
-                $this->authSession->getAdminSessionInfoId()
-            )
-            ->filterExpiredSessions($this->securityConfig->getAdminSessionLifetime())
-            ->loadData();
+        $user = $this->authSession->getUser();
+        if ($user) {
+            $collection = $this->createAdminSessionInfoCollection()
+                ->filterByUser(
+                    $user->getId(),
+                    \Magento\Security\Model\AdminSessionInfo::LOGGED_IN,
+                    $this->authSession->getAdminSessionInfoId()
+                )
+                ->filterExpiredSessions($this->securityConfig->getAdminSessionLifetime())
+                ->loadData();
 
-        $collection->setDataToAll('status', \Magento\Security\Model\AdminSessionInfo::LOGGED_OUT_MANUALLY)
-            ->save();
+            $collection->setDataToAll('status', \Magento\Security\Model\AdminSessionInfo::LOGGED_OUT_MANUALLY)
+                ->save();
+        }
 
         return $this;
     }
@@ -304,11 +307,12 @@ public function cleanExpiredSessions()
      */
     protected function createNewSession()
     {
+        $user = $this->authSession->getUser();
         $adminSessionInfo = $this->adminSessionInfoFactory
             ->create()
             ->setData(
                 [
-                    'user_id' => $this->authSession->getUser()->getId(),
+                    'user_id' => $user ? $user->getId() : null,
                     'ip' => $this->remoteAddress->getRemoteAddress(),
                     'status' => AdminSessionInfo::LOGGED_IN
                 ]