From 0c6ba2d0c4dde4237de9bcd3995254a4387b1fbe Mon Sep 17 00:00:00 2001 From: Matthias Meusburger Date: Wed, 4 Mar 2015 16:18:23 +0100 Subject: [PATCH] Bug 12887: User logged out on refresh after CAS authentication If the user is already logged-in, do not trigger CAS authentication even if there is a ticket in the parameters. 1) Authenticate to the OPAC through CAS. 2) Once redirected to your account, hit F5 or the refresh button of your browser. 3) You're logged out. Signed-off-by: Koha Team Lyon 3 Signed-off-by: Luce Barbey Signed-off-by: Katrin Fischer Added sign of lines according to bug. Works as described, small change. Signed-off-by: Tomas Cohen Arazi --- C4/Auth.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 2fea732ef1..345fd44ac8 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -769,7 +769,7 @@ sub checkauth { $sessiontype = $session->param('sessiontype') || ''; } if ( ( $query->param('koha_login_context') && ( $q_userid ne $s_userid ) ) - || ( $cas && $query->param('ticket') ) || ( $shib && $shib_login && !$logout ) ) { + || ( $cas && $query->param('ticket') && !C4::Context->userenv->{'id'} ) || ( $shib && $shib_login && !$logout ) ) { #if a user enters an id ne to the id in the current session, we need to log them in... #first we need to clear the anonymous session... -- 2.39.5