[koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-3-g314f469

Git repo owner gitmaster at git.koha-community.org
Thu Jun 18 09:30:36 CEST 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.14.x has been updated
       via  314f4696e2612b051968dcb42cf9cc613ad0361c (commit)
      from  1eb03a7f81110429bf71561c24b7251e4e4cd9fb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 314f4696e2612b051968dcb42cf9cc613ad0361c
Author: Mason James <mtj at kohaaloha.com>
Date:   Thu Apr 9 15:33:02 2015 +1200

    Bug 12954: Failed login should retain anonymous session (3.16.x)
    
    A failed login should not leave the user in a half logged authenticated
    state, but rather return them to an anonymouse session as per the
    pre-login attempt state.
    
    To replicate error:
    1. Try to log in with some nonexisting user id or wrong password in the
       OPAC
    2. Go directly to /opac-user.pl (e.g., enter it in the browser address
       bar, or just click on the "Log in" link)
    3. Observe a DBI error displayed on the screen
    4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
       display the login screen, no matter how many times you try to reload
       it); to break the deadloop, one needs to:
       - remove session cookie from the browser (or cause the session to
         expire in some other way - closing browser window would be probably
         enough for that)
       - remove offending session on the server (from mysql sessions table,
        ..)
       - log in with proper credentials using some other page (like
         opac/opac-main.pl right-side panel), which does not involve
         opac/opac-user.pl being called without "userid" CGI parameter.
    
    To test:
    1. Test as above, the DBI error should no longer be present
    2. Check that search history works across failed and sucessful login
       attempts
    
    Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz>
    Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>
    Signed-off-by: Mason James <mtj at kohaaloha.com>
    (cherry picked from commit 7f504acc13a361ba93504917498ae955b82ed430)
    Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm |    2 ++
 1 file changed, 2 insertions(+)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list