https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755
--- Comment #3 from Lukas Koszyk <[email protected]> --- I confirm that we have the same problem (in version 23.05.04). I also checked the userenv variable when generating and checking the CSRF token, in the logs I see the userenv of another user (not "anonymous"). The solution could be to destroy the hash for the active user and build a new hash for environment variables in initial OIDC request before generating the CSRF token (or even in callback by checking the token). Or it might be necessary to delete the entire session and initiate a new one when logging in using OIDC. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
