[Koha-bugs] [Bug 12954] Questionable logic regarding session handling in C4::Auth::checkauth()
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Dec 31 08:26:51 CET 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12954
--- Comment #13 from M. Tompsett <mtompset at hotmail.com> ---
Comment on attachment 34551
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=34551
Bug 12954 - Questionable logic regarding session handling in
C4::Auth::checkauth()
Review of attachment 34551:
--> (http://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=12954&attachment=34551)
-----------------------------------------------------------------
::: C4/Auth.pm
@@ +1060,5 @@
> + if ($session) {
> + $session->delete();
> + $session->flush;
> + }
> + C4::Context->_unset_userenv($sessionID) if $sessionID;
I'm not sure moving this outside the if ($userid) check is right. I vaguely
recall strangeness with all the 5 test cases that I recommended when I was
testing a custom authentication for our organization in terms of setting of
userid and return and sessionID. I haven't tried this, but this code change
seems wrong to me. I'll possibly attempt later.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list