Bug 29957: Adjust push @$cookie statements in Auth

We can now use $cookie_mgr->replace_in_list instead. This effectively removes duplicates and keeps the newest cookie. Note: In the test plan below we are just verifying if this patch did not change behavior. The replace_in_list routine has been tested already in a unit test. Test plan: Run t/db_dependent/Auth.t Login at OPAC. Hit some opac and staff pages. Perform an Advanced search on OPAC. Check cookies in browser. Logout. Check cookies again. Verify with your do_not_remove_cookie lines in koha-conf.xml. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-16 12:43:07 +00:00 · 2022-03-16 12:43:07 +00:00 · 832756a184
commit 832756a184
parent a13b004db8
1 changed files with 15 additions and 15 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -157,6 +157,8 @@ sub get_template_and_user {
    my ( $user, $cookie, $sessionID, $flags );
    $cookie = [];

+    my $cookie_mgr = Koha::CookieManager->new;
+
    # Get shibboleth login attribute
    my $shib = C4::Context->config('useshibboleth') && shib_ok();
    my $shib_login = $shib ? get_login_shib() : undef;
@ -245,13 +247,12 @@ sub get_template_and_user {
        if ($kick_out) {
            $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac',
                $in->{query} );
-            push @$cookie, $in->{query}->cookie(
+            $cookie = $cookie_mgr->replace_in_list( $cookie, $in->{query}->cookie(
                -name     => 'CGISESSID',
                -value    => '',
-                -expires  => '',
                -HttpOnly => 1,
                -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
-            );
+            ));

            $template->param(
                loginprompt => 1,
@ -656,7 +657,7 @@ sub get_template_and_user {
        # what to do
        my $language = C4::Languages::getlanguage( $in->{'query'} );
        my $languagecookie = C4::Templates::getlanguagecookie( $in->{'query'}, $language );
-        push @{$cookie}, $languagecookie;
+        $cookie = $cookie_mgr->replace_in_list( $cookie, $languagecookie );
    }

    return ( $template, $borrowernumber, $cookie, $flags );
@ -868,13 +869,12 @@ sub checkauth {
    if ( !$shib and defined( $ENV{'REMOTE_USER'} ) and $ENV{'REMOTE_USER'} ne '' and $userid = $ENV{'REMOTE_USER'} ) {

        # Using Basic Authentication, no cookies required
-        push @$cookie, $query->cookie(
+        $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
            -name     => 'CGISESSID',
            -value    => '',
-            -expires  => '',
            -HttpOnly => 1,
            -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
-        );
+        ));
        $loggedin = 1;
    }
    elsif ( $emailaddress) {
@ -927,12 +927,12 @@ sub checkauth {
                }
            } else {

-                push @$cookie, $query->cookie(
+                $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
                    -name     => 'CGISESSID',
                    -value    => $session->id,
                    -HttpOnly => 1,
                    -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
-                );
+                ));

                $flags = haspermission( $userid, $flagsrequired );
                if ($flags) {
@ -971,12 +971,12 @@ sub checkauth {

        $sessionID = $session->id;
        C4::Context->_new_userenv($sessionID);
-        push @$cookie, $query->cookie(
+        $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
            -name     => 'CGISESSID',
            -value    => $sessionID,
            -HttpOnly => 1,
            -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
-        );
+        ));
        my $pki_field = C4::Context->preference('AllowPKIAuth');
        if ( !defined($pki_field) ) {
            print STDERR "ERROR: Missing system preference AllowPKIAuth.\n";
@ -1171,12 +1171,12 @@ sub checkauth {
                        $domain =~ s|\.\*||g;
                        if ( $ip !~ /^$domain/ ) {
                            $loggedin = 0;
-                            push @$cookie, $query->cookie(
+                            $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
                                -name     => 'CGISESSID',
                                -value    => '',
                                -HttpOnly => 1,
                                -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
-                            );
+                            ));
                            $info{'wrongip'} = 1;
                        }
                    }
@ -1260,12 +1260,12 @@ sub checkauth {
    {
        # successful login
        unless (@$cookie) {
-            push @$cookie, $query->cookie(
+            $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
                -name     => 'CGISESSID',
                -value    => '',
                -HttpOnly => 1,
                -secure => ( C4::Context->https_enabled() ? 1 : 0 ),
-            );
+            ));
        }

        track_login_daily( $userid );