[Bug 40736] New: OAuth/OIDC authentication broken when CGISESSID is missing
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Bug ID: 40736 Summary: OAuth/OIDC authentication broken when CGISESSID is missing Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: lari.taskula@hypernova.fi QA Contact: testopia@bugs.koha-community.org CC: tomascohen@gmail.com Our API error logs contain multiple instances of the following error
[ERROR] Can't call method "value" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/OAuth/Client.pm line 100.
Client.pm:100 is
$state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } );
This happens when a web crawler (Googlebot in our case) navigates to OAuth/OIDC login API endpoint, and Koha attempts to generate them a new CSRF token but is unable to due to missing CGISESSID cookie. To replicate: 1. Have an identity provider <provider code> defined under Administration > Identity providers 2. On a fresh browser session (clear cookies), 3. Navigate to https://yourkoha/api/v1/public/oauth/login/<provider code>/opac 4. Observe [ERROR] Can't call method "value" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/OAuth/Client.pm line 100. in plack-api-error.log -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Lari Taskula <lari.taskula@hypernova.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |33675 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33675 [Bug 33675] Add CSRF protection to OAuth/OIDC authentication -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Alex Buckley <alexbuckley@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alexbuckley@catalyst.net.nz --- Comment #1 from Alex Buckley <alexbuckley@catalyst.net.nz> --- Hi, Thank you for reporting this. We are also encountering this error when human users are trying to log into the Koha OPAC (24.11.07) via OIDC from Chrome. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #2 from David Cook <dcook@prosentient.com.au> --- While I think coding a fix for that error message would be a good idea, you need to have a Koha session in order to generate the state value for the OIDC login. I suppose you could argue that the endpoint could generate a CGISESSID cookie if it's missing, but there shouldn't be a scenario where it's missing when logging in, since you should be navigating to it from the Koha UI. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- (In reply to Alex Buckley from comment #1)
Hi,
Thank you for reporting this. We are also encountering this error when human users are trying to log into the Koha OPAC (24.11.07) via OIDC from Chrome.
I thought that you said that it was working in Chrome but not in Firefox and only for Okta? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #4 from David Cook <dcook@prosentient.com.au> --- Lari: Which version of Koha are you using? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #5 from Alex Buckley <alexbuckley@catalyst.net.nz> --- (In reply to David Cook from comment #3)
(In reply to Alex Buckley from comment #1)
Hi,
Thank you for reporting this. We are also encountering this error when human users are trying to log into the Koha OPAC (24.11.07) via OIDC from Chrome.
I thought that you said that it was working in Chrome but not in Firefox and only for Okta?
Thanks for asking David! This is a new error we have recently encountered, also for Okta (the Koha IdP is configured to use protocol=OIDC). So separate to the login/logout/login we have inquired about. This error is not consistent, but the workflow is: - Start Chrome. - Go to either the Koha OPAC or staff client login page. - Click the 'Log in with Okta IdP' button. - You're re-directed to Okta. - After logging in, you're redirected back to Koha with an internal server error - screenshot attached from OPAC. I'm warning out the following (below this line https://git.koha-community.org/Koha-community/Koha/src/commit/2778a49fb16be1... ): use Data::Dumper; warn Dumper($c->req->cookie('CGISESSID')); And in plack-api-error.log the $c->req->cookie('CGISESSID') is NULL and the error is thrown: [2025/09/22 05:39:33] [WARN] $VAR1 = undef; [2025/09/22 05:39:33] [ERROR] Can't call method "value" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/OAuth/Client.pm line 86. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #6 from Alex Buckley <alexbuckley@catalyst.net.nz> --- Created attachment 186651 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186651&action=edit OPAC error after being redirected back from Okta IdP - URL details redacted Error thrown associated with an undef $c->req->cookie('CGISESSID') -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #7 from Lari Taskula <lari.taskula@hypernova.fi> --- Hi David, (In reply to David Cook from comment #4)
Lari: Which version of Koha are you using? 25.05.02 and 24.11.06
(In reply to David Cook from comment #2)
While I think coding a fix for that error message would be a good idea, you need to have a Koha session in order to generate the state value for the OIDC login. I suppose you could argue that the endpoint could generate a CGISESSID cookie if it's missing, but there shouldn't be a scenario where it's missing when logging in, since you should be navigating to it from the Koha UI. Would there be any downsides of having the endpoint generate the CGISESSID in case it is missing? Out of curiosity wouldn't it be useful to do so for external applications wanting to OIDC-authenticate an user to Koha to gain access to its authorized REST API endpoints?
By bare minimum we have to handle the exception by checking the existence of CGISESSID and responding with a HTTP 400 (bad request) in case it is missing, and perhaps log a warning instead of an error, if the logging of this event is wanted in the first place. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #8 from David Cook <dcook@prosentient.com.au> --- (In reply to Alex Buckley from comment #5)
This error is not consistent, but the workflow is:
- Start Chrome. - Go to either the Koha OPAC or staff client login page. - Click the 'Log in with Okta IdP' button. - You're re-directed to Okta. - After logging in, you're redirected back to Koha with an internal server error - screenshot attached from OPAC.
Ok I'll see if I can reproduce. I was already looking at SSO stuff today so it's on the mind. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #9 from David Cook <dcook@prosentient.com.au> --- (In reply to Lari Taskula from comment #7)
(In reply to David Cook from comment #4)
Lari: Which version of Koha are you using? 25.05.02 and 24.11.06
Cool I have a 24.11 I can test off easily, and I'll check main as well.
(In reply to David Cook from comment #2) Would there be any downsides of having the endpoint generate the CGISESSID in case it is missing? Out of curiosity wouldn't it be useful to do so for external applications wanting to OIDC-authenticate an user to Koha to gain access to its authorized REST API endpoints?
I'd say that's actually a CSRF security vulnerability.
By bare minimum we have to handle the exception by checking the existence of CGISESSID and responding with a HTTP 400 (bad request) in case it is missing, and perhaps log a warning instead of an error, if the logging of this event is wanted in the first place.
Yeah, certainly needs some code improvement there. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #10 from David Cook <dcook@prosentient.com.au> --- Okies... I'm able to log into Keycloak using Chrome on main (e.g. 25.06.00.018). Now trying to just direct link to http://localhost:8080/api/v1/public/oauth/login/test/opac In the browser, I see: {"errors":[{"message":"Internal Server Error.","path":"\/"}],"status":500} In /var/log/koha/kohadev/plack-api-error.log, I see: [2025/09/26 02:08:28] [ERROR] Can't call method "value" on an undefined value at /kohadevbox/koha/Koha/REST/V1/OAuth/Client.pm line 100. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=40882 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #11 from David Cook <dcook@prosentient.com.au> --- Created attachment 186950 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186950&action=edit Bug 40736: Gracefully handle missing CGISESSID cookie This change makes the REST API gracefully handle a missing CGISESSID when trying to do an OAuth/OIDC login by direct linking. Test plan: 0. Apply the patch and koha-plack --restart kohadev 1. Set up an OpenID Connect client using the wiki https://wiki.koha-community.org/wiki/Testing_SSO 2. In an incognito/private window, try directly logging in with the following URL: http://localhost:8080/api/v1/public/oauth/login/test/opac 3. Note that you're redirected to opac-user.pl with an auth error message of "No user session found" 4. Close the incognito/private window 5. In an incognito/private window, try directly logging in with the following URL: http://localhost:8081/api/v1/oauth/login/test/staff 6. Note that you're redirected to mainpage.pl with an auth error message of "No user session found" -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |dcook@prosentient.com.au |ity.org | --- Comment #12 from David Cook <dcook@prosentient.com.au> --- This change will prevent the error message in plack-api-error.log and will instead show a Koha web page with a human friendly error message. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|OAuth/OIDC authentication |OAuth/OIDC authentication |broken when CGISESSID is |logs error message when |missing |CGISESSID is missing --- Comment #13 from David Cook <dcook@prosentient.com.au> --- Alex: You'll still experience your problem but you'll get a prettier error message at least. To me, BZ 40736 is just about the API log getting filled up with errors unnecessarily. As for your issue, Alex... it's weird. Very weird. But unfortunately I do think it's a local issue. Your CGISESSID cookie is missing when it shouldn't be and you'll have to keep troubleshooting it locally I think :/. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #14 from David Cook <dcook@prosentient.com.au> --- I just double-checked 24.11 and its OIDC is working well with Keycloak for me as well. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #15 from Alex Buckley <alexbuckley@catalyst.net.nz> --- (In reply to David Cook from comment #13)
Alex: You'll still experience your problem but you'll get a prettier error message at least.
To me, BZ 40736 is just about the API log getting filled up with errors unnecessarily.
As for your issue, Alex... it's weird. Very weird. But unfortunately I do think it's a local issue. Your CGISESSID cookie is missing when it shouldn't be and you'll have to keep troubleshooting it locally I think :/.
Thanks David!(In reply to David Cook from comment #13)
Alex: You'll still experience your problem but you'll get a prettier error message at least.
To me, BZ 40736 is just about the API log getting filled up with errors unnecessarily.
As for your issue, Alex... it's weird. Very weird. But unfortunately I do think it's a local issue. Your CGISESSID cookie is missing when it shouldn't be and you'll have to keep troubleshooting it locally I think :/.
Thanks for the patches and update David. Appreciate it! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=34164 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Lari Taskula <lari.taskula@hypernova.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #186950|0 |1 is obsolete| | --- Comment #16 from Lari Taskula <lari.taskula@hypernova.fi> --- Created attachment 187031 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=187031&action=edit Bug 40736: Gracefully handle missing CGISESSID cookie This change makes the REST API gracefully handle a missing CGISESSID when trying to do an OAuth/OIDC login by direct linking. Test plan: 0. Apply the patch and koha-plack --restart kohadev 1. Set up an OpenID Connect client using the wiki https://wiki.koha-community.org/wiki/Testing_SSO 2. In an incognito/private window, try directly logging in with the following URL: http://localhost:8080/api/v1/public/oauth/login/test/opac 3. Note that you're redirected to opac-user.pl with an auth error message of "No user session found" 4. Close the incognito/private window 5. In an incognito/private window, try directly logging in with the following URL: http://localhost:8081/api/v1/oauth/login/test/staff 6. Note that you're redirected to mainpage.pl with an auth error message of "No user session found" Signed-off-by: Lari Taskula <lari.taskula@hypernova.fi> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #17 from Lari Taskula <lari.taskula@hypernova.fi> --- Created attachment 187032 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=187032&action=edit Bug 40736: Restore commented out tests Commented out by https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=143438 (or https://github.com/Koha-Community/Koha/commit/9c5f6e8c1772ecb1c2ec8c25d6d320... ) To test: 1. prove t/db_dependent/api/v1/idp.t -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #18 from Lari Taskula <lari.taskula@hypernova.fi> --- Created attachment 187033 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=187033&action=edit Bug 40736: Add test To test: 1. prove t/db_dependent/api/v1/idp.t -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #19 from Lari Taskula <lari.taskula@hypernova.fi> --- (In reply to Lari Taskula from comment #17)
Created attachment 187032 [details] [review] Bug 40736: Restore commented out tests
While looking for existing tests, I found idp.t tests that were commented out by Bug 31378. I assume those comment-outs were accidentally pushed. This patch restores those tests. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|unspecified |Main CC| |lari.taskula@hypernova.fi --- Comment #20 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- 1) QA checks pass. 2) Code review - Nothing spotted 3) Testing - Unit tests pass: t/db_dependent/api/v1/idp.t @Lari: since you added tests, maybe you'd like to sign-off on the first patch from David? Then David could sign your follow-ups to get this unlocked. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #21 from Lari Taskula <lari.taskula@hypernova.fi> --- (In reply to Katrin Fischer from comment #20)
@Lari: since you added tests, maybe you'd like to sign-off on the first patch from David? Then David could sign your follow-ups to get this unlocked.
Which patch? I have already signed off David's patch :) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #22 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Aha! I had missed Lari already signed the first patch - David, could you take a look at the follow-ups to move this to signed off? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #187031|0 |1 is obsolete| | --- Comment #23 from David Cook <dcook@prosentient.com.au> --- Created attachment 192580 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192580&action=edit Bug 40736: Gracefully handle missing CGISESSID cookie This change makes the REST API gracefully handle a missing CGISESSID when trying to do an OAuth/OIDC login by direct linking. Test plan: 0. Apply the patch and koha-plack --restart kohadev 1. Set up an OpenID Connect client using the wiki https://wiki.koha-community.org/wiki/Testing_SSO 2. In an incognito/private window, try directly logging in with the following URL: http://localhost:8080/api/v1/public/oauth/login/test/opac 3. Note that you're redirected to opac-user.pl with an auth error message of "No user session found" 4. Close the incognito/private window 5. In an incognito/private window, try directly logging in with the following URL: http://localhost:8081/api/v1/oauth/login/test/staff 6. Note that you're redirected to mainpage.pl with an auth error message of "No user session found" Signed-off-by: Lari Taskula <lari.taskula@hypernova.fi> Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #187032|0 |1 is obsolete| | --- Comment #24 from David Cook <dcook@prosentient.com.au> --- Created attachment 192581 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192581&action=edit Bug 40736: Restore commented out tests Commented out by https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=143438 (or https://github.com/Koha-Community/Koha/commit/9c5f6e8c1772ecb1c2ec8c25d6d320... ) To test: 1. prove t/db_dependent/api/v1/idp.t Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #187033|0 |1 is obsolete| | --- Comment #25 from David Cook <dcook@prosentient.com.au> --- Created attachment 192582 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192582&action=edit Bug 40736: Add test To test: 1. prove t/db_dependent/api/v1/idp.t Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #26 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I love it when a plan works out :) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=42719 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Sponsorship status|--- |Unsponsored Status|Signed Off |Passed QA QA Contact|testopia@bugs.koha-communit |martin.renvoize@openfifth.c |y.org |o.uk Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #192580|0 |1 is obsolete| | Attachment #192581|0 |1 is obsolete| | Attachment #192582|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #27 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 201390 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201390&action=edit Bug 40736: Gracefully handle missing CGISESSID cookie This change makes the REST API gracefully handle a missing CGISESSID when trying to do an OAuth/OIDC login by direct linking. Test plan: 0. Apply the patch and koha-plack --restart kohadev 1. Set up an OpenID Connect client using the wiki https://wiki.koha-community.org/wiki/Testing_SSO 2. In an incognito/private window, try directly logging in with the following URL: http://localhost:8080/api/v1/public/oauth/login/test/opac 3. Note that you're redirected to opac-user.pl with an auth error message of "No user session found" 4. Close the incognito/private window 5. In an incognito/private window, try directly logging in with the following URL: http://localhost:8081/api/v1/oauth/login/test/staff 6. Note that you're redirected to mainpage.pl with an auth error message of "No user session found" Signed-off-by: Lari Taskula <lari.taskula@hypernova.fi> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #28 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 201391 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201391&action=edit Bug 40736: Restore commented out tests Commented out by https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=143438 (or https://github.com/Koha-Community/Koha/commit/9c5f6e8c1772ecb1c2ec8c25d6d320... ) To test: 1. prove t/db_dependent/api/v1/idp.t Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #29 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 201392 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201392&action=edit Bug 40736: Add test To test: 1. prove t/db_dependent/api/v1/idp.t Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736 --- Comment #30 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 201393 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201393&action=edit Bug 40736: (QA follow-up) Avoid redundant CGISESSID cookie lookups The cookie is already fetched once into $current_session_cookie earlier in login(); reuse it instead of calling $c->req->cookie('CGISESSID') again at each check site. Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org