[Koha-bugs] [Bug 17427] Replace CGI::Session with Data::Session

bugzilla-daemon at bugs.koha-community.org
Fri Oct 21 16:28:19 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17427

--- Comment #8 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Comment on attachment 56572
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56572
Bug 17427: Replace CGI::Session with Data::Session

Review of attachment 56572:
 --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=17427&attachment=56572)
-----------------------------------------------------------------

Generally looks good. Minor question about using ENV though; not sure about
that part of the change.

::: C4/Auth.pm
@@ +1111,4 @@
>                      $session->param( 'branchname',   $branchname );
>                      $session->param( 'flags',        $userflags );
>                      $session->param( 'emailaddress', $emailaddress );
> +                    $session->param( 'ip',           $ENV{REMOTE_ADDR} );
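
Review bot: the added `$session->param( 'ip', $ENV{REMOTE_ADDR} )` line stores whatever the process environment holds at that moment, with no check that `REMOTE_ADDR` is defined and no shared accessor for the value, unlike the neighbouring lines that store already-resolved variables. If other code compares the session's `ip` with the current request address, both sides must obtain the address the same way: behind a reverse proxy `REMOTE_ADDR` is the proxy's address for every client unless the front end rewrites it, and in a persistent application server `%ENV` is only correct if it is repopulated per request. Suggest resolving the client address in one helper used both here and by any comparison, and deciding explicitly what is stored when the value is undefined.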

Did we test this against Plack? Can we really rely on ENV for remote_addr...
and in fact, do we not compare the session ip to the env remote_addr in places
as a security check?
