Bug 12887: User logged out on refresh after CAS authentication

If the user is already logged-in, do not trigger CAS authentication even if there is a ticket in the parameters. 1) Authenticate to the OPAC through CAS. 2) Once redirected to your account, hit F5 or the refresh button of your browser. 3) You're logged out. Signed-off-by: Koha Team Lyon 3 <koha@univ-lyon3.fr> Signed-off-by: Luce Barbey <luce.barbey@cirad.fr> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Added sign of lines according to bug. Works as described, small change. Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
9 years ago · 0c6ba2d0c4
1 changed files with 1 additions and 1 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -769,7 +769,7 @@ sub checkauth {
            $sessiontype = $session->param('sessiontype') || '';
        }
        if ( ( $query->param('koha_login_context') && ( $q_userid ne $s_userid ) )
-            || ( $cas && $query->param('ticket') ) || ( $shib && $shib_login && !$logout ) ) {
+            || ( $cas && $query->param('ticket') && !C4::Context->userenv->{'id'} ) || ( $shib && $shib_login && !$logout ) ) {

            #if a user enters an id ne to the id in the current session, we need to log them in...
            #first we need to clear the anonymous session...