[Bug 13779] New: sessionID declared twice in C4::Auth::checkauth()
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Bug ID: 13779 Summary: sessionID declared twice in C4::Auth::checkauth() Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: minor Priority: P5 - low Component: Authentication Assignee: gmcharlt@gmail.com Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org "$sessionID" is declared twice in C4::Auth::checkauth(). The first time is at the start of C4::Auth::checkauth(), while the second is in the "unless ($userid || $sessionID)" block. This means that "return ( $userid, $cookie, $sessionID, $flags )", which is called within the "if ( $loggedin || $authnotrequired )" block, will never ever return the $sessionID created in the "unless ($userid || $sessionID)" block, since it's out of scope. The only time that "return ( $userid, $cookie, $sessionID, $flags )" will return "$sessionID" is if the "elsif ( $sessionID = $query->cookie("CGISESSID") )" block evaluates to true. -- In other words, "my ( $userid, $cookie, $sessionID ) = checkauth( $query, 0, { borrow => 1 }, 'opac', '');" will only have a $sessionID if the user already has the CGISESSID cookie set. This doesn't prevent checkauth() from setting the session or the cookie properly. It just means $sessionID isn't set even though it should be, because it's the value that is stored in the cookie! -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org