Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 36102: Generate a new sessionID if the existing one is invalid

Browse source 
If the cookie contain an expired sessionID we need to create another
one to correctly generate the CSRF token.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
Jonathan Druart 2024-02-20 14:01:04 +01:00
parent e533d5745c
commit 919d0d4c02
Signed by: jonathan.druart
GPG key ID: A085E712BEF0E0F0
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
C4/InstallAuth.pm
View file

@ -392,6 +392,10 @@ sub checkauth {
$template->param( 'invalid_username_or_password' => $info{'invalid_username_or_password'});
}
unless ( $sessionID ) {
my $session = Koha::Session->get_session( { storage_method => 'file' } );
$sessionID = $session->id;
}
$template->param(
%info,
sessionID => $sessionID,