http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12954 --- Comment #13 from M. Tompsett <mtompset@hotmail.com> --- Comment on attachment 34551 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=34551 Bug 12954 - Questionable logic regarding session handling in C4::Auth::checkauth() Review of attachment 34551: --> (http://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=12954&attachment=34551) ----------------------------------------------------------------- ::: C4/Auth.pm @@ +1060,5 @@
+ if ($session) { + $session->delete(); + $session->flush; + } + C4::Context->_unset_userenv($sessionID) if $sessionID;
I'm not sure moving this outside the if ($userid) check is right. I vaguely recall strangeness with all the 5 test cases that I recommended when I was testing a custom authentication for our organization in terms of setting of userid and return and sessionID. I haven't tried this, but this code change seems wrong to me. I'll possibly attempt later. -- You are receiving this mail because: You are watching all bug changes.