[Koha-bugs] [Bug 29543] Self-checkout allows returning everybody's loans

bugzilla-daemon at bugs.koha-community.org
Tue Feb 8 14:37:32 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29543

--- Comment #51 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Hmm. Why are we doing this in sco-main:

L47
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
So the CGISESSID cookie is used here and we check permissions.

L371
$cookie = $query->cookie(     -name => 'JWT',
We create a new cookie JWT. But ignore the session cookie.

L381
output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
We output now without the CGISESSID, only JWT.
Why don't you pass the session cookie?
You could pass something like [ $cookie1, $cookie2 ] ?
