https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349
--- Comment #21 from David Cook <[email protected]> --- With the 1st patch, we've got manual log in fixed for /cgi-bin/koha/sco/sco-main.pl If it's the first session, I can manually log into /cgi-bin/koha/sci/sci-main.pl (However, if I log into /cgi-bin/koha/sco/sco-main.pl and then log into /cgi-bin/koha/sci/sci-main.pl it doesn't work, as I'm presented with the message "Access denied. Sorry, the system doesn't think you have permission to access this page." It looks like it's because it's doing the "kick_out" since we have $is_sco_user. That's a current system thing so nothing to worry about.) -- The 2nd patch fixes AutoSelfCheckAllowed, but I can see what Jonathan means about it being ugly. Something to keep in mind is that we're re-authenticating on every SCO page load, but my bug 34478 commit 8b69d0b4d3e72171d9f2d51234f345405a433c4f actually makes the AutoSelfCheck session persistent, so once we have that authenticated session, we don't really need to re-authenticate. One option could be to move the AutoSelfCheck auth process into "checkauth". Another option could be to allow sco-main.pl to do a sort of "preauth" and create its own authenticated session before get_template_and_user() if necessary. (At the moment, this is sort of what we're trying to do by force stuffing the AutoSelfCheck credentials on every load of sco-main.pl.) However, this option would need some tweaks to things like get_template_and_user() and checkauth() to be able to accept a sessionID passed in (instead of just looking at the incoming session cookie). So I think we could do something a bit smarter when handling our sessions. -- But... both of those options would take more work. Jonathan has provided something that already appears to work, and we're getting closer to our May release deadline, so I think perhaps we shouldn't make the perfect the enemy of the good. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
