Revision a8780020
Von Sven Schöling vor fast 4 Jahren hinzugefügt
| SL/Dispatcher.pm | ||
|---|---|---|
| 95 | 95 |
my $session_result = $::auth->restore_session; |
| 96 | 96 |
$::auth->create_or_refresh_session; |
| 97 | 97 |
|
| 98 |
$::request->cgi->add_cookie( |
|
| 99 |
$::auth->get_session_cookie_name, |
|
| 100 |
$::auth->get_session_id, |
|
| 101 |
path => $::request->request_base_uri->path, |
|
| 102 |
secure => $::request->is_https, |
|
| 103 |
expires => '+' . $::auth->{session_timeout} . 'm',
|
|
| 104 |
); |
|
| 105 |
|
|
| 98 | 106 |
if ($params{client}) {
|
| 99 | 107 |
$::auth->set_client($params{client}) || die("cannot find client " . $params{client});
|
| 100 | 108 |
|
| SL/Form.pm | ||
|---|---|---|
| 314 | 314 |
} |
| 315 | 315 |
|
| 316 | 316 |
sub create_http_response {
|
| 317 |
my $self = shift; |
|
| 318 |
my %params = @_; |
|
| 319 |
|
|
| 320 |
if (defined $::auth) {
|
|
| 321 |
my $uri = $::request->request_uri; |
|
| 322 |
my @segments = $uri->path_segments; |
|
| 323 |
pop @segments; |
|
| 324 |
$uri->path_segments(@segments); |
|
| 325 |
|
|
| 326 |
if ($::auth->get_session_id) {
|
|
| 327 |
$::request->cgi->add_cookie( |
|
| 328 |
$::auth->get_session_cookie_name, |
|
| 329 |
$::auth->get_session_id, |
|
| 330 |
path => $uri->path, |
|
| 331 |
secure => $::request->is_https, |
|
| 332 |
explires => '+' . $::auth->{session_timeout} . 'm',
|
|
| 333 |
); |
|
| 334 |
} |
|
| 335 |
} |
|
| 317 |
my ($self, %params) = @_; |
|
| 336 | 318 |
|
| 337 | 319 |
$::request->cgi->header(%params); |
| 338 | 320 |
} |
Auch abrufbar als: Unified diff
Cookiehandling in pre_request_initializaton verschoben
Vorher wurden Cookis nur bei normalen 200 Responses gesetzt, nicht aber
bei redirects. Das ist jetzt behoben, und damit auch der berüchtigte
Doppellogin Bug.