Bug 33881: Clear self-check JWT during auth kick out
This patch clears the JWT cookie during auth kick out (ie when a web user navigates from the self-check out/in to the rest of Koha). Test plan: 0. Apply patch and koha-plack --reload kohadev 1. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl 2. Log in as the "koha" user 3. In another tab, go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl 4. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=a&weight_search=1 5. Note that you are prompted to "Log in to your account" via the normal Koha prompt 6. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl 7. Note that you are prompted to "Log in to your account" within the "Self checkout system", and note that your self-checkout session for the "koha" user has *not* persisted like it did before the patch was applied Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> (cherry picked from commit 1fa961b97b8f52d1c9920c72d9338d150deb829b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
parent
84724639ed
commit
b6f3da27c1
1 changed files with 9 additions and 0 deletions
|
@ -260,6 +260,15 @@ sub get_template_and_user {
|
|||
-sameSite => 'Lax',
|
||||
));
|
||||
|
||||
#NOTE: This JWT should only be used by the self-check controllers
|
||||
$cookie = $cookie_mgr->replace_in_list( $cookie, $in->{query}->cookie(
|
||||
-name => 'JWT',
|
||||
-value => '',
|
||||
-HttpOnly => 1,
|
||||
-secure => ( C4::Context->https_enabled() ? 1 : 0 ),
|
||||
-sameSite => 'Lax',
|
||||
));
|
||||
|
||||
my $auth_error = $in->{query}->param('auth_error');
|
||||
|
||||
$template->param(
|
||||
|
|
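Review bot: The `JWT` cookie passed to the added `replace_in_list` call is only blanked in the browser; nothing visible in this hunk invalidates the token itself, so if the self-check JWT is stateless, a copy made before the kick-out would presumably still be accepted until it expires, and it is worth confirming that the token has a short lifetime. The replacement cookie also carries no expiry, so the browser keeps an empty `JWT` cookie for the rest of the session; adding `-expires => '-1d',` next to `-value => '',` would ask the browser to delete it, assuming the name and path match the cookie the self-check page set. The `#NOTE` comment says who uses the token but not why it is cleared here, e.g. `#NOTE: The JWT is only for the self-check controllers, so clear it when the user is kicked out to the rest of Koha`. The commit changes one file and relies on a manual test plan, so a regression test asserting the blanked cookie would help; get_template_and_user starts and ends outside the hunk.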