Login as Client Overwrites Existing User ID


When a NON-PRIMARY contact is in session, and an admin clicks Login as Client, Blesta puts the ID of the staff member into $_SESSION['blesta_id'], overwriting any existing $_SESSION['blesta_id'] value. This produces a problem where code that plugins use to obtain contact data is no longer working because admins are NOT contacts.

Steps to reproduce:

1) Log in to the client area as a NON-PRIMARY contact
2) Do NOT log out of the client area
3) Visit the admin area
4) Log in as admin
5) Load a client in the admin portal
6) Use More Actions to Login as Client
7) When a plugin uses the below code to obtain contact data, it fails to pull the correct contact data. It pulls the primary contact, when it should pull the non-primary contact that was logged in PRIOR to Blesta overwriting the $_SESSION['blesta_id'] variable.


// Client and user IDs as stored in the session
$client_id = $this->Session->read('blesta_client_id');
$user_id = $this->Session->read('blesta_id');
if( $client_id ) {
    Loader::loadModels($this, ['Clients', 'Contacts']);
    $client = $this->Clients->get($client_id);
    if( $client ) {
        // Look up the contact that belongs to the logged-in user
        $contact = $this->Contacts->getByUserId($user_id, $client->id);
        if( !$contact ) {
            // No contact for this user ID: fall back to the primary contact
            $contact = $this->Contacts->get($client->contact_id);
        }
    }
}

Whether this is by design or not I am not sure.  Hence this report.  Please advise.


Blesta v5.9.3

PHP 7.4.33

MySQL 10.2.44
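
An added example, not part of the original report and not Blesta code: a self-contained PHP model of the lookup above that also reports how the contact was resolved, so a caller can tell a real match on blesta_id from the primary-contact fallback reached once that value holds a staff ID. The contact table, the IDs and the function names are constructed for illustration.

```php
<?php
// Constructed in-memory model; not Blesta code. All IDs and rows are sample values.
const CONTACTS = [
    // contact_id => row
    10 => ['client_id' => 1, 'user_id' => 100, 'label' => 'primary'],
    11 => ['client_id' => 1, 'user_id' => 101, 'label' => 'non-primary'],
];
const CLIENTS = [1 => ['id' => 1, 'contact_id' => 10]];
const STAFF_USER_ID = 500; // hypothetical staff member's user ID

// Stand-in for the lookup the report calls as Contacts->getByUserId().
function contactByUserId(int $userId, int $clientId): ?array
{
    foreach (CONTACTS as $id => $c) {
        if ($c['user_id'] === $userId && $c['client_id'] === $clientId) {
            return ['id' => $id] + $c;
        }
    }
    return null;
}

// Resolve the contact for a session and say how it was resolved.
function resolveContact(array $session): array
{
    $client = CLIENTS[$session['blesta_client_id'] ?? 0] ?? null;
    if ($client === null) {
        return ['source' => 'no_client', 'contact' => null];
    }
    $userId = $session['blesta_id'] ?? null;
    if ($userId !== null && ($c = contactByUserId($userId, $client['id']))) {
        return ['source' => 'session_user', 'contact' => $c];
    }
    // blesta_id matched no contact of this client: the primary contact is a guess.
    $primary = ['id' => $client['contact_id']] + CONTACTS[$client['contact_id']];
    return ['source' => 'primary_fallback', 'contact' => $primary];
}

$before = ['blesta_client_id' => 1, 'blesta_id' => 101];           // after step 1
$after  = ['blesta_client_id' => 1, 'blesta_id' => STAFF_USER_ID]; // after step 6
foreach (['before' => $before, 'after' => $after] as $name => $s) {
    $r = resolveContact($s);
    printf("%s: %s via %s\n", $name, $r['contact']['label'], $r['source']);
}
```

A plugin that makes per-contact decisions can treat the `primary_fallback` source as "contact unknown" instead of acting as the primary contact.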

