[Koha-bugs] [Bug 13779] New: sessionID declared twice in C4::Auth::checkauth()
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Mar 3 07:09:26 CET 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779
Bug ID: 13779
Summary: sessionID declared twice in C4::Auth::checkauth()
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Authentication
Assignee: gmcharlt at gmail.com
Reporter: dcook at prosentient.com.au
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
"$sessionID" is declared twice in C4::Auth::checkauth().
The first time is at the start of C4::Auth::checkauth(), while the second is in
the "unless ($userid || $sessionID)" block.
This means that "return ( $userid, $cookie, $sessionID, $flags )", which is
called within the "if ( $loggedin || $authnotrequired )" block, will never ever
return the $sessionID created in the "unless ($userid || $sessionID)" block,
since it's out of scope.
The only time that "return ( $userid, $cookie, $sessionID, $flags )" will
return "$sessionID" is if the "elsif ( $sessionID = $query->cookie("CGISESSID")
)" block evaluates to true.
--
In other words, "my ( $userid, $cookie, $sessionID ) = checkauth( $query, 0, {
borrow => 1 }, 'opac', '');" will only have a $sessionID if the user already
has the CGISESSID cookie set.
This doesn't prevent checkauth() from setting the session or the cookie
properly. It just means $sessionID isn't set even though it should be, because
it's the value that is stored in the cookie!
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list