http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779
Bug ID: 13779
Summary: sessionID declared twice in C4::Auth::checkauth()
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Authentication
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
"$sessionID" is declared twice in C4::Auth::checkauth().
The first time is at the start of C4::Auth::checkauth(), while the second is in
the "unless ($userid || $sessionID)" block.
This means that "return ( $userid, $cookie, $sessionID, $flags )", which is
called within the "if ( $loggedin || $authnotrequired )" block, will never ever
return the $sessionID created in the "unless ($userid || $sessionID)" block,
since it's out of scope.
The only time that "return ( $userid, $cookie, $sessionID, $flags )" will
return "$sessionID" is if the "elsif ( $sessionID = $query->cookie("CGISESSID")
)" block evaluates to true.
--
In other words, "my ( $userid, $cookie, $sessionID ) = checkauth( $query, 0, {
borrow => 1 }, 'opac', '');" will only have a $sessionID if the user already
has the CGISESSID cookie set.
This doesn't prevent checkauth() from setting the session or the cookie
properly. It just means $sessionID isn't set even though it should be, because
it's the value that is stored in the cookie!
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
