From 919d0d4c02a35686083aa11351d092df4d348417 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 20 Feb 2024 14:01:04 +0100 Subject: [PATCH] Bug 36102: Generate a new sessionID if the existing one is invalid If the cookie contain an expired sessionID we need to create another one to correctly generate the CSRF token. Signed-off-by: Jonathan Druart --- C4/InstallAuth.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/C4/InstallAuth.pm b/C4/InstallAuth.pm index 6730e94383..7a01e4829b 100644 --- a/C4/InstallAuth.pm +++ b/C4/InstallAuth.pm @@ -392,6 +392,10 @@ sub checkauth { $template->param( 'invalid_username_or_password' => $info{'invalid_username_or_password'}); } + unless ( $sessionID ) { + my $session = Koha::Session->get_session( { storage_method => 'file' } ); + $sessionID = $session->id; + } $template->param( %info, sessionID => $sessionID, -- 2.39.5