[Koha-bugs] [Bug 29543] Self-checkout allows returning everybody's loans

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Feb 8 16:52:59 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29543

--- Comment #57 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Jonathan Druart from comment #55)
> (In reply to Marcel de Rooy from comment #50)
> > Why don't you pass the session cookie?
> > You could pass something like [ $cookie1, $cookie2 ] ?
> 
> I think CGISESSID is in the CGI object already.

Cookies need to be sent out. If they have changed, they will only be updated at
client side when you send them explicitly to the output subs.
output_html_with_http_headers and friends actually assume that it is the
authentication cookie; so you are cheating here.

> (In reply to Marcel de Rooy from comment #53)
> > Iiuc JWT is not encrypted. So this may be a bit more secure, but could be
> > improved.
> 
> It is encoded using a secret, see Koha::Token::_gen_jwt

OK. It is a bit hidden but I found it in the _default_params sub.
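The distinction the two comments above circle around (a JWT is signed with a secret, not encrypted) is easy to see in code. The following is an added example, not part of this thread and not Koha's own code: Koha::Token::_gen_jwt is Perl, and this Python sketch only reproduces the generic HS256 scheme. The secret, the payload fields and the helper names are constructed for the demonstration. It shows that anyone holding a token can read its payload without the secret, while changing the payload or guessing the secret makes verification fail.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url for every segment
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # restore the padding the encoder stripped before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(payload: dict, secret: bytes) -> str:
    # header.payload are only encoded; the secret is used solely for the HMAC tag
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    tag = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(tag)


def read_payload_without_secret(token: str) -> dict:
    # No secret involved: this is why a JWT is "not encrypted" even though it is "encoded using a secret"
    return json.loads(_b64url_decode(token.split(".")[1]))


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    # Returns the payload only if the HMAC tag matches; None on any failure
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        # pin the algorithm so a token cannot pick a weaker one
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    return json.loads(_b64url_decode(p))


def replace_payload(token: str, new_payload: dict) -> str:
    # Re-encode a different payload but keep the original tag (what a tamperer without the secret can do)
    h, _, s = token.split(".")
    return h + "." + _b64url(json.dumps(new_payload, separators=(",", ":")).encode()) + "." + s


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"          # constructed, not a real Koha secret
    token = make_jwt({"id": 42, "sub": "sco"}, SECRET)  # constructed payload
    print("readable without secret:", read_payload_without_secret(token))
    print("verifies with secret:", verify_jwt(token, SECRET))
    print("wrong secret:", verify_jwt(token, b"other"))
    print("edited payload, old tag:", verify_jwt(replace_payload(token, {"id": 43, "sub": "sco"}), SECRET))
```

The takeaway for the cookie discussion is that the secret protects integrity, so a token can stand in for server-side state that must not be altered, but it offers no confidentiality: any field placed in the payload should be treated as visible to the holder of the cookie.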
