https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- Actually, I think the key thing is having Koha::Session enforce a number of mandatory session variables. After reviewing C4::Auth::check_api_auth(), C4::Auth::checkauth(), C4::InstallAuth::checkauth(), the required keys for an authenticated user appear to be: - number - id - cardnumber - firstname - surname - branch - branchname - flags - emailaddress - ip - lasttime - interface (not set by C4::InstallAuth::checkauth() but is by the other 2) C4::Auth::checkauth() also sets "search_history", "desk_id", "desk_name", "shibboleth", "register_id", "register_name", "sco_user", and "cas_ticket". C4::Auth::check_api_auth() also sets "cas_ticket". -- You are receiving this mail because: You are watching all bug changes.