https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28592 Bug ID: 28592 Summary: ISE after paying through opac payment plugin Change sponsored?: --- Product: Koha Version: 20.11 Hardware: All OS: All Status: NEW Severity: major Priority: P5 - low Component: OPAC Assignee: oleonard@myacpl.org Reporter: magnus@libriotech.no QA Contact: testopia@bugs.koha-community.org After upgrading to 20.11.06, we have a problem with using the koha-plugin-dibs-payments plugin for online payments: https://github.com/Libriotech/koha-plugin-dibs-payments After authenticating with the remote service the user is redirected back to <opac>/cgi-bin/koha/opac-account-pay-return.pl However, this page presents a login form, and the user is forced to log in. It looks like this happens because the value of the CGISESSID cookie is changed somewhere along the way. Or does it change because the login screen is presented? Not sure of what is cause and what is effect here. After logging in, the user is redirected (with a 303 status) to the same URL, but this time all the parameters that were POSTed the first time around are now included in the URL as one kind of weird GET parameter (note the semicolons between parameters): ?orderid=123;payment_method=Koha%3A%3APlugin%3A%3ACom%3A%3ABibLibre%3A%3ADIBSPayments;transact=123;authkey=abc etc The payment is recorded in the accountlines table, but koha_plugin_com_biblibre_dibspayments_dibs_transactions.accountline_id is left empty. As far as I can tell, checkauth is only used in two places in the opac, opac-account-pay-return.pl and opac-ratings.pl: $ sudo grep -rn "checkauth" /usr/share/koha/opac/cgi-bin/opac/opac-* /usr/share/koha/opac/cgi-bin/opac/opac-account-pay-return.pl:29:my ( $userid, $cookie, $sessionID, $flags ) = checkauth( $cgi, 0, {}, 'opac' ); /usr/share/koha/opac/cgi-bin/opac/opac-messaging.pl:24:use C4::Auth; # checkauth, getborrowernumber. /usr/share/koha/opac/cgi-bin/opac/opac-passwd.pl:25:use C4::Auth; # checkauth, getborrowernumber. /usr/share/koha/opac/cgi-bin/opac/opac-privacy.pl:22:use C4::Auth; # checkauth, getborrowernumber. /usr/share/koha/opac/cgi-bin/opac/opac-ratings.pl:40:my ($userid, $cookie, $sessionID) = checkauth( $query, 0, {}, 'opac' ); /usr/share/koha/opac/cgi-bin/opac/opac-reserve.pl:24:use C4::Auth; # checkauth, getborrowernumber. -- You are receiving this mail because: You are watching all bug changes.