A failed login should not leave the user in a half logged authenticated
state, but rather return them to an anonymouse session as per the
pre-login attempt state.
To replicate error:
1. Try to log in with some nonexisting user id or wrong password in the
OPAC
2. Go directly to /opac-user.pl (e.g., enter it in the browser address
bar, or just click on the "Log in" link)
3. Observe a DBI error displayed on the screen
4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
display the login screen, no matter how many times you try to reload
it); to break the deadloop, one needs to:
- remove session cookie from the browser (or cause the session to
expire in some other way - closing browser window would be probably
enough for that)
- remove offending session on the server (from mysql sessions table,
..)
- log in with proper credentials using some other page (like
opac/opac-main.pl right-side panel), which does not involve
opac/opac-user.pl being called without "userid" CGI parameter.
To test:
1. Test as above, the DBI error should no longer be present
2. Check that search history works across failed and sucessful login
attempts
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Koha is a free software integrated library system.
Koha is distributed under the GNU GPL version 3 or later.
Please read the file LICENSE for more details.
To install or upgrade Koha, please see the INSTALL file appropriate
to your platform.
Report bugs at http://bugs.koha-community.org/
Visit the Koha Project website at http://www.koha-community.org/